Locky Ransomware (Lukitus Variant)

Involved Hosts

Host	Resolved to	Country	City	Protocol
calster.be				HTTP
212.109.220.109		RU		HTTP

Monitored Processes

Behavior Information - Grouped by Category

Process #1: winword.exe

(Host: 300, Network: 7)

Information	Value
ID	#1
File Name	c:\program files\microsoft office\root\office16\winword.exe
Command Line	"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
Initial Working Directory	C:\Users\aETAdzjz\Desktop\
Monitor	Start Time: 00:00:19, Reason: Analysis Target
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:02:06

OS Process Information

Information	Value
PID	0x9d8
Parent PID	0x57c (Unknown)
Is Created or Modified Executable
Integrity Level	Medium
Username	YKYD69Q\aETAdzjz
Groups	YKYD69Q\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010cdc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x A68 0x A50 0x A30 0x A2C 0x A28 0x A24 0x A20 0x A1C 0x A04 0x 9F8 0x 9F0 0x 9EC 0x 9E8 0x 9DC 0x A7C 0x A88 0x A90 0x A94 0x A98 0x A9C 0x AAC 0x AB0 0x AB4 0x AB8 0x ABC 0x AC0 0x AC4 0x AC8 0x B14 0x B40 0x B44 0x B48 0x B60 0x B64 0x B84 0x 874 0x 960

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x00020fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000040000	0x00040000	0x00043fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00050000	0x000b6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000000c0000	0x000c0000	0x000c0fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000000d0000	0x000d0000	0x001cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000001d0000	0x001d0000	0x001d0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000001e0000	0x001e0000	0x001e0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000001f0000	0x001f0000	0x002effff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000002f0000	0x002f0000	0x002f0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000300000	0x00300000	0x00306fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000310000	0x00310000	0x00311fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000320000	0x00320000	0x00320fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000330000	0x00330000	0x00330fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000340000	0x00340000	0x00341fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000350000	0x00350000	0x00351fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000360000	0x00360000	0x00362fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000370000	0x00370000	0x0037ffff	Private Memory		Region Actions
pagefile_0x0000000000380000	0x00380000	0x00382fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000390000	0x00390000	0x00392fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000003a0000	0x003a0000	0x003a2fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000003b0000	0x003b0000	0x003b2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000003c0000	0x003c0000	0x003c7fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000003d0000	0x003d0000	0x003d1fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000003e0000	0x003e0000	0x004dffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000004e0000	0x004e0000	0x00667fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000670000	0x00670000	0x00670fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000680000	0x00680000	0x0068ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000690000	0x00690000	0x00810fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000820000	0x00820000	0x01c1ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01c20000	0x01eeefff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000001ef0000	0x01ef0000	0x022e2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000022f0000	0x022f0000	0x023effff	Private Memory	Readable, Writable	Region Actions
private_0x00000000023f0000	0x023f0000	0x0242ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002430000	0x02430000	0x02430fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002440000	0x02440000	0x02440fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002450000	0x02450000	0x02450fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002460000	0x02460000	0x02460fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002470000	0x02470000	0x02474fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000002480000	0x02480000	0x0248ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002490000	0x02490000	0x0256efff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002570000	0x02570000	0x02597fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000025a0000	0x025a0000	0x025a0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000025b0000	0x025b0000	0x025b0fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000025c0000	0x025c0000	0x025c0fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000025d0000	0x025d0000	0x025d1fff	Pagefile Backed Memory	Readable	Region Actions
msxml6r.dll	0x025e0000	0x025e0fff	Memory Mapped File	Readable	Region Actions
private_0x00000000025f0000	0x025f0000	0x0266ffff	Private Memory	Readable, Writable	Region Actions
kernelbase.dll.mui	0x02670000	0x0272ffff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000002730000	0x02730000	0x0279afff	Private Memory	Readable, Writable	Region Actions
cfgmgr32.dll	0x027a0000	0x027d5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x00000000027e0000	0x027e0000	0x027e0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000027f0000	0x027f0000	0x028effff	Private Memory	Readable, Writable	Region Actions
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db	0x028f0000	0x0290efff	Memory Mapped File	Readable	Region Actions
private_0x0000000002910000	0x02910000	0x02910fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002920000	0x02920000	0x02921fff	Pagefile Backed Memory	Readable	Region Actions
c_1255.nls	0x02930000	0x02940fff	Memory Mapped File	Readable	Region Actions
private_0x0000000002950000	0x02950000	0x0295ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002960000	0x02960000	0x0297ffff	Private Memory		Region Actions
private_0x0000000002980000	0x02980000	0x029fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002a00000	0x02a00000	0x02a1ffff	Private Memory		Region Actions
private_0x0000000002a20000	0x02a20000	0x02a3efff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002a40000	0x02a40000	0x02b3ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002b40000	0x02b40000	0x02b5ffff	Private Memory		Region Actions
private_0x0000000002b60000	0x02b60000	0x02b7ffff	Private Memory		Region Actions
onbttnwd.dll	0x02b80000	0x02b84fff	Memory Mapped File	Readable	Region Actions
stdole2.tlb	0x02b90000	0x02b93fff	Memory Mapped File	Readable	Region Actions
private_0x0000000002ba0000	0x02ba0000	0x02c9ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002ca0000	0x02ca0000	0x02e9ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002ea0000	0x02ea0000	0x02fd1fff	Private Memory	Readable, Writable	Region Actions
segoeui.ttf	0x02fe0000	0x0305efff	Memory Mapped File	Readable	Region Actions
private_0x0000000003070000	0x03070000	0x0307ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000030a0000	0x030a0000	0x0319ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003220000	0x03220000	0x0331ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003320000	0x03320000	0x0341ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003420000	0x03420000	0x0342ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003460000	0x03460000	0x0355ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000003560000	0x03560000	0x0395ffff	Pagefile Backed Memory	Readable	Region Actions
staticcache.dat	0x03960000	0x0428ffff	Memory Mapped File	Readable	Region Actions
private_0x0000000004290000	0x04290000	0x0438ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000043e0000	0x043e0000	0x044dffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004530000	0x04530000	0x0462ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004670000	0x04670000	0x0476ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000004780000	0x04780000	0x047fffff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x0000000004800000	0x04800000	0x04ffffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000005000000	0x05000000	0x050fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005100000	0x05100000	0x051fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000005200000	0x05200000	0x052fffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000053c0000	0x053c0000	0x053cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000053d0000	0x053d0000	0x057cffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000057d0000	0x057d0000	0x067cffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000006860000	0x06860000	0x068dffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000069a0000	0x069a0000	0x06a1ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000006ab0000	0x06ab0000	0x06b2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000006b30000	0x06b30000	0x06f2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000006f50000	0x06f50000	0x0704ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007050000	0x07050000	0x0784ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007850000	0x07850000	0x07c50fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000007c60000	0x07c60000	0x08060fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008070000	0x08070000	0x08470fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008480000	0x08480000	0x0867ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008680000	0x08680000	0x08b3ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008b40000	0x08b40000	0x08f3ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000008f40000	0x08f40000	0x0903ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000036fc0000	0x36fc0000	0x36fcffff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x000000006fff0000	0x6fff0000	0x6fffffff	Private Memory	Readable, Writable, Executable	Region Actions
osppc.dll	0x744f0000	0x74522fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x76fb0000	0x770a9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x770b0000	0x771cefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
psapi.dll	0x773a0000	0x773a6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions
winword.exe	0x13f3f0000	0x13f5cafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000007febdf90000	0x7febdf90000	0x7febdf9ffff	Private Memory	Readable, Writable, Executable	Region Actions
chart.dll	0x7fee3f20000	0x7fee4a18fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
riched20.dll	0x7fee4a20000	0x7fee4c42fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msptls.dll	0x7fee4d70000	0x7fee4edffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msointl.dll	0x7fee4ee0000	0x7fee505afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wwintl.dll	0x7fee5060000	0x7fee511bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msores.dll	0x7fee5120000	0x7fee9f5efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso99lres.dll	0x7fee9f60000	0x7feea880fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso40uires.dll	0x7feea890000	0x7feeab97fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso.dll	0x7feeaba0000	0x7feebe7bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso99lwin32client.dll	0x7feebe80000	0x7feec64bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso40uiwin32client.dll	0x7feec650000	0x7feecf3afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso30win32client.dll	0x7feecf40000	0x7feed3b7fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mso20win32client.dll	0x7feed3c0000	0x7feed6c3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oart.dll	0x7feed6d0000	0x7feee83bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wwlib.dll	0x7feee840000	0x7fef0bdefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscoreei.dll	0x7fef0d70000	0x7fef0e08fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwrite.dll	0x7fef0e10000	0x7fef0f8dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
d3d10warp.dll	0x7fef0f90000	0x7fef115ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
onbttnwd.dll	0x7fef11e0000	0x7fef1219fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mlang.dll	0x7fef1220000	0x7fef125afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mscoree.dll	0x7fef1710000	0x7fef177efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
d3d11.dll	0x7fef1780000	0x7fef1845fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msointl30.dll	0x7fef18f0000	0x7fef18fefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sppc.dll	0x7fef1900000	0x7fef1926fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
npmproxy.dll	0x7fef3a40000	0x7fef3a4bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msxml6.dll	0x7fef3ee0000	0x7fef40d1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winspool.drv	0x7fef41b0000	0x7fef4220fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
api-ms-win-core-file-l1-2-0.dll	0x7fef45e0000	0x7fef45e2fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
api-ms-win-core-processthreads-l1-1-1.dll	0x7fef45f0000	0x7fef45f2fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
api-ms-win-core-synch-l1-2-0.dll	0x7fef4600000	0x7fef4602fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
api-ms-win-core-localization-l1-2-0.dll	0x7fef4610000	0x7fef4612fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
api-ms-win-core-file-l2-1-0.dll	0x7fef4620000	0x7fef4622fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
api-ms-win-core-timezone-l1-1-0.dll	0x7fef4630000	0x7fef4632fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
For performance reasons, the remaining 400 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\users\aetadzjz\appdata\local\temp\agraba8.exe	606.00 KB (620544 bytes)	MD5: 91a61e3be9cc7251972f6ee8d4836cb4 SHA1: f78c091a623c605e74511dd80d1a48376c2c4145 SHA256: 3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca		File Actions Show Properties Download
c:\users\aetadzjz\appdata\local\temp\~dfe5d8e3f73a92a76c.tmp	0.50 KB (512 bytes)	MD5: bf619eac0cdf3f68d496ea9344137e8b SHA1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 SHA256: 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560		File Actions Show Properties Download

Host Behavior

File (2)

Operation	Filename	Additional Information	Success	Count	Logfile
Create	C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe			1	Fn
Write	C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe	size = 620544		1	Fn Data

Registry (157)

Operation	Key	Additional Information	Count	Logfile
Create Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		1	Fn
Open Key	HKEY_CLASSES_ROOT\Licenses		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409		2	Fn
Open Key	win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib		2	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0		2	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib		5	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9		2	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0		2	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7		1	Fn
Open Key	win64		1	Fn
Open Key	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0		1	Fn
Open Key	HKEY_CLASSES_ROOT\Typelib		1	Fn
Open Key	HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02373-B5BC-11CF-810F-00A0C9030074}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02374-B5BC-11CF-810F-00A0C9030074}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{82B02375-B5BC-11CF-810F-00A0C9030074}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{8A683C92-BA84-11CF-8110-00A0C9030074}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{8A683C93-BA84-11CF-8110-00A0C9030074}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{AFC20920-DA4E-11CE-B943-00AA006887B4}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{5CEF5610-713D-11CE-80C9-00AA00611080}\Insertable		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Control		1	Fn
Open Key	HKEY_CLASSES_ROOT\Clsid\{646BE917-EFED-46C6-AFC9-CA1FBD3C5100}\Insertable		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		13	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		2	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0\Addins64		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		5	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		5	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common		2	Fn
Read Value	HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7	data = }	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = RequireDeclaration, data = 36, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = CompileOnDemand, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = BackGroundCompile, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = BreakOnAllErrors, data = 255, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = BreakOnServerErrors, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64	data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB	3	Fn
Read Value	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64	data = C:\Windows\system32\stdole2.tlb	2	Fn
Read Value	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64	data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL	2	Fn
Read Value	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64	data = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL	1	Fn
Read Value	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64	data = C:\Windows\system32\FM20.DLL	1	Fn
Read Value	HKEY_CLASSES_ROOT\Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32	value_name = ThreadingModel, data = 65	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = PropertiesWindow, data = 4	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common	value_name = MainWindow, data = 0	1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}		1	Fn
Enumerate Keys	HKEY_CLASSES_ROOT\Typelib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}		1	Fn

Module (96)

Operation	Module	Additional Information	Count	Logfile
Load	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL	base_address = 0x7fee3450000	1	Fn
Get Handle	Unknown module name	base_address = 0x7fef8e10000	1	Fn
Get Handle	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL	base_address = 0x0	1	Fn
Get Handle	c:\windows\system32\user32.dll	base_address = 0x76fb0000	1	Fn
Get Handle	oleaut32.dll	base_address = 0x7fefd620000	1	Fn
Get Handle	ole32.dll	base_address = 0x7fefde40000	1	Fn
Get Filename		process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260	2	Fn
Get Address	Unknown module name	function = MsiProvideQualifiedComponentA, address_out = 0x7fef8e93b3c	1	Fn
Get Address	Unknown module name	function = MsiGetProductCodeA, address_out = 0x7fef8e8a13c	1	Fn
Get Address	Unknown module name	function = MsiReinstallFeatureA, address_out = 0x7fef8e91618	1	Fn
Get Address	Unknown module name	function = MsiProvideComponentA, address_out = 0x7fef8e8f088	1	Fn
Get Address	c:\windows\system32\user32.dll	function = GetSystemMetrics, address_out = 0x76fc94f0	1	Fn
Get Address	c:\windows\system32\user32.dll	function = MonitorFromWindow, address_out = 0x76fc5f08	1	Fn
Get Address	c:\windows\system32\user32.dll	function = MonitorFromRect, address_out = 0x76fc2b00	1	Fn
Get Address	c:\windows\system32\user32.dll	function = MonitorFromPoint, address_out = 0x76fbab64	1	Fn
Get Address	c:\windows\system32\user32.dll	function = EnumDisplayMonitors, address_out = 0x76fc5c30	1	Fn
Get Address	c:\windows\system32\user32.dll	function = GetMonitorInfoA, address_out = 0x76fba730	1	Fn
Get Address	c:\windows\system32\user32.dll	function = EnumDisplayDevicesA, address_out = 0x76fba5b4	1	Fn
Get Address	Unknown module name	function = DispCallFunc, address_out = 0x7fefd622270	1	Fn
Get Address	Unknown module name	function = LoadTypeLibEx, address_out = 0x7fefd62a550	1	Fn
Get Address	Unknown module name	function = UnRegisterTypeLib, address_out = 0x7fefd6b20d0	1	Fn
Get Address	Unknown module name	function = CreateTypeLib2, address_out = 0x7fefd6adbd0	1	Fn
Get Address	Unknown module name	function = VarDateFromUdate, address_out = 0x7fefd625c90	1	Fn
Get Address	Unknown module name	function = VarUdateFromDate, address_out = 0x7fefd626330	1	Fn
Get Address	Unknown module name	function = GetAltMonthNames, address_out = 0x7fefd6466c0	1	Fn
Get Address	Unknown module name	function = VarNumFromParseNum, address_out = 0x7fefd624710	1	Fn
Get Address	Unknown module name	function = VarParseNumFromStr, address_out = 0x7fefd6248f0	1	Fn
Get Address	Unknown module name	function = VarDecFromR4, address_out = 0x7fefd65b640	1	Fn
Get Address	Unknown module name	function = VarDecFromR8, address_out = 0x7fefd65b360	1	Fn
Get Address	Unknown module name	function = VarDecFromDate, address_out = 0x7fefd662640	1	Fn
Get Address	Unknown module name	function = VarDecFromI4, address_out = 0x7fefd6458a0	1	Fn
Get Address	Unknown module name	function = VarDecFromCy, address_out = 0x7fefd645820	1	Fn
Get Address	Unknown module name	function = VarR4FromDec, address_out = 0x7fefd65af20	1	Fn
Get Address	Unknown module name	function = GetRecordInfoFromTypeInfo, address_out = 0x7fefd67a0c0	1	Fn
Get Address	Unknown module name	function = GetRecordInfoFromGuids, address_out = 0x7fefd6b2160	1	Fn
Get Address	Unknown module name	function = SafeArrayGetRecordInfo, address_out = 0x7fefd645af0	1	Fn
Get Address	Unknown module name	function = SafeArraySetRecordInfo, address_out = 0x7fefd645a90	1	Fn
Get Address	Unknown module name	function = SafeArrayGetIID, address_out = 0x7fefd645a60	1	Fn
Get Address	Unknown module name	function = SafeArraySetIID, address_out = 0x7fefd645a30	1	Fn
Get Address	Unknown module name	function = SafeArrayCopyData, address_out = 0x7fefd6260b0	1	Fn
Get Address	Unknown module name	function = SafeArrayAllocDescriptorEx, address_out = 0x7fefd623e90	1	Fn
Get Address	Unknown module name	function = SafeArrayCreateEx, address_out = 0x7fefd679f80	1	Fn
Get Address	Unknown module name	function = VarFormat, address_out = 0x7fefd6a9b20	1	Fn
Get Address	Unknown module name	function = VarFormatDateTime, address_out = 0x7fefd6a9aa0	1	Fn
Get Address	Unknown module name	function = VarFormatNumber, address_out = 0x7fefd6a9990	1	Fn
Get Address	Unknown module name	function = VarFormatPercent, address_out = 0x7fefd6a9890	1	Fn
Get Address	Unknown module name	function = VarFormatCurrency, address_out = 0x7fefd6a9770	1	Fn
Get Address	Unknown module name	function = VarWeekdayName, address_out = 0x7fefd68b8d0	1	Fn
Get Address	Unknown module name	function = VarMonthName, address_out = 0x7fefd68b800	1	Fn
Get Address	Unknown module name	function = VarAdd, address_out = 0x7fefd6a48e0	1	Fn
Get Address	Unknown module name	function = VarAnd, address_out = 0x7fefd6a9470	1	Fn
Get Address	Unknown module name	function = VarCat, address_out = 0x7fefd6a96a0	1	Fn
Get Address	Unknown module name	function = VarDiv, address_out = 0x7fefd6a2fe0	1	Fn
Get Address	Unknown module name	function = VarEqv, address_out = 0x7fefd6a9cf0	1	Fn
Get Address	Unknown module name	function = VarIdiv, address_out = 0x7fefd6a8ff0	1	Fn
Get Address	Unknown module name	function = VarImp, address_out = 0x7fefd6a9c00	1	Fn
Get Address	Unknown module name	function = VarMod, address_out = 0x7fefd6a8e60	1	Fn
Get Address	Unknown module name	function = VarMul, address_out = 0x7fefd6a3690	1	Fn
Get Address	Unknown module name	function = VarOr, address_out = 0x7fefd6a92d0	1	Fn
Get Address	Unknown module name	function = VarPow, address_out = 0x7fefd6a2e80	1	Fn
Get Address	Unknown module name	function = VarSub, address_out = 0x7fefd6a3f90	1	Fn
Get Address	Unknown module name	function = VarXor, address_out = 0x7fefd6a91a0	1	Fn
Get Address	Unknown module name	function = VarAbs, address_out = 0x7fefd687c30	1	Fn
Get Address	Unknown module name	function = VarFix, address_out = 0x7fefd687a60	1	Fn
Get Address	Unknown module name	function = VarInt, address_out = 0x7fefd687890	1	Fn
Get Address	Unknown module name	function = VarNeg, address_out = 0x7fefd687ea0	1	Fn
Get Address	Unknown module name	function = VarNot, address_out = 0x7fefd6a9600	1	Fn
Get Address	Unknown module name	function = VarRound, address_out = 0x7fefd6876a0	1	Fn
Get Address	Unknown module name	function = VarCmp, address_out = 0x7fefd6a83f0	1	Fn
Get Address	Unknown module name	function = VarDecAdd, address_out = 0x7fefd653070	1	Fn
Get Address	Unknown module name	function = VarDecCmp, address_out = 0x7fefd65d700	1	Fn
Get Address	Unknown module name	function = VarBstrCat, address_out = 0x7fefd65d890	1	Fn
Get Address	Unknown module name	function = VarCyMulI4, address_out = 0x7fefd63caf0	1	Fn
Get Address	Unknown module name	function = VarBstrCmp, address_out = 0x7fefd648a00	1	Fn
Get Address	Unknown module name	function = CoCreateInstanceEx, address_out = 0x7fefde4de90	1	Fn
Get Address	Unknown module name	function = CLSIDFromProgIDEx, address_out = 0x7fefde5a4c4	1	Fn
Get Address	Unknown module name	function = MsoMultiByteToWideChar, address_out = 0x7fee345f200	1	Fn
Get Address	Unknown module name	function = 711, address_out = 0x7fee3a59eb0	3	Fn
Get Address	Unknown module name	function = 716, address_out = 0x7fee3a19158	3	Fn
Get Address	Unknown module name	function = 712, address_out = 0x7fee3a5a03c	3	Fn
Get Address	Unknown module name	function = 685, address_out = 0x7fee3738ff4	3	Fn
Get Address	Unknown module name	function = 715, address_out = 0x7fee39d5aa0	3	Fn
Get Address	Unknown module name	function = 581, address_out = 0x7fee381ea78	3	Fn

COM (9)

Operation	Additional Information	Count	Logfile
Get Class ID	cls_id = ED8C108E-4349-11D2-91A4-00C04F7969E8, prog_id = Microsoft.XMLHTTP	1	Fn
Get Class ID	cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = Wscript.shell	1	Fn
Get Class ID	cls_id = 00000566-0000-0010-8000-00AA006D2EA4, prog_id = Adodb.streaM	1	Fn
Get Class ID	cls_id = 13709620-C279-11CE-A49E-444553540000, prog_id = shell.Application	1	Fn
Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER	1	Fn
Create	interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Create	interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Create	interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
Create	interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn

Window (3)

Operation	Window Name	Additional Information	Success	Count	Logfile
Set Attribute		index = 18446744073709551596, new_long = 262401		2	Fn
Set Attribute		index = 0, new_long = 0		1	Fn

System (30)

Operation	Additional Information	Count	Logfile
Get Cursor	x_out = 270, y_out = 190	2	Fn
Get Cursor	x_out = 471, y_out = 172	1	Fn
Get Time	type = Local Time, time = 2017-08-17 13:53:32 (Local Time)	2	Fn
Get Time	type = Local Time, time = 2017-08-17 13:53:33 (Local Time)	17	Fn
Get Time	type = Local Time, time = 2017-08-17 13:53:35 (Local Time)	4	Fn
Get Time	type = Local Time, time = 2017-08-17 13:53:48 (Local Time)	1	Fn
Get Info	type = Operating System	2	Fn
Get Info	type = Operating System	1	Fn

Environment (1)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	name = DDRYBUR		1	Fn

Network Behavior

HTTP Sessions (1)

Information	Value
Total Data Sent	0.63 KB (642 bytes)
Total Data Received	606.00 KB (620544 bytes)
Contacted Host Count	1
Contacted Hosts	calster.be

HTTP Session #1

Information	Value
Used COM interface	Microsoft.XMLHTTP
User Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name	calster.be
Server Port	80
Data Sent	0.63 KB (642 bytes)
Data Received	606.00 KB (620544 bytes)

Operations

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS	1	Fn
Open Connection	protocol = http, server_name = calster.be, server_port = 80	1	Fn
Open HTTP Request	http_verb = GeT, http_version = HTTP 1.1, target_resource = /87wifhFsdf	1	Fn
Send HTTP Request	url = http://calster.be/87wifhFsdf	2	Fn
Receive HTTP Status	status = 200	1	Fn
Read Response	size_out = 620544	1	Fn Data

Process #2: agraba8.exe

(Host: 2246, Network: 37)

Information	Value
ID	#2
File Name	c:\users\aetadzjz\appdata\local\temp\agraba8.exe
Command Line	"C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe"
Initial Working Directory	C:\Users\aETAdzjz\Desktop\
Monitor	Start Time: 00:00:45, Reason: Child Process
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:01:40

OS Process Information

Information	Value
PID	0xb68
Parent PID	0x9d8 (c:\program files\microsoft office\root\office16\winword.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	YKYD69Q\aETAdzjz
Groups	YKYD69Q\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010cdc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B6C 0x B90 0x 894 0x 8A4 0x 8B4 0x 8C4 0x 8D4 0x 880 0x 8D0 0x 900 0x 9E4 0x ACC

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	Region Actions Download Dump
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x001a0000	0x00206fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000210000	0x00210000	0x0024ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000250000	0x00250000	0x00250fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000000260000	0x00260000	0x00260fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000260000	0x00260000	0x00261fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000270000	0x00270000	0x00276fff	Private Memory	Readable, Writable	Region Actions Download Dump
windowsshell.manifest	0x00280000	0x00280fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000280000	0x00280000	0x00280fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000290000	0x00290000	0x0030ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000310000	0x00310000	0x00391fff	Private Memory	Readable, Writable	Region Actions Download Dump
rsaenh.dll	0x003a0000	0x003dbfff	Memory Mapped File	Readable	Region Actions
rsaenh.dll	0x003a0000	0x003dbfff	Memory Mapped File	Readable	Region Actions
private_0x00000000003a0000	0x003a0000	0x003dffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000003e0000	0x003e0000	0x003e1fff	Pagefile Backed Memory	Readable	Region Actions
index.dat	0x003f0000	0x003fbfff	Memory Mapped File	Readable, Writable	Region Actions
agraba8.exe	0x00400000	0x004d9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000004e0000	0x004e0000	0x0051ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000520000	0x00520000	0x0055ffff	Private Memory	Readable, Writable	Region Actions Download Dump
index.dat	0x00560000	0x00567fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000570000	0x00570000	0x0057ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000580000	0x00580000	0x005bffff	Private Memory	Readable, Writable	Region Actions Download Dump
index.dat	0x005c0000	0x005cffff	Memory Mapped File	Readable, Writable	Region Actions
private_0x00000000005d0000	0x005d0000	0x006cffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000006d0000	0x006d0000	0x007cffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000007d0000	0x007d0000	0x0080ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000810000	0x00810000	0x0081ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000820000	0x00820000	0x009a7fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000009b0000	0x009b0000	0x00b30fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000b40000	0x00b40000	0x01f3ffff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x01f40000	0x0220efff	Memory Mapped File	Readable	Region Actions
private_0x0000000002210000	0x02210000	0x0240ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000002210000	0x02210000	0x022eefff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000022f0000	0x022f0000	0x0232ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002330000	0x02330000	0x02330fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000002340000	0x02340000	0x0239ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002340000	0x02340000	0x02340fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000002340000	0x02340000	0x02340fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000002350000	0x02350000	0x02356fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002360000	0x02360000	0x0239ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000023a0000	0x023a0000	0x023cffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000023a0000	0x023a0000	0x023a1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000023c0000	0x023c0000	0x023cffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000023d0000	0x023d0000	0x0240ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002410000	0x02410000	0x0257ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002410000	0x02410000	0x0244ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002450000	0x02450000	0x0248ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002490000	0x02490000	0x024dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002490000	0x02490000	0x024cffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000024d0000	0x024d0000	0x024dffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000024e0000	0x024e0000	0x0251ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002540000	0x02540000	0x0257ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002580000	0x02580000	0x0279ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002580000	0x02580000	0x0267ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002760000	0x02760000	0x0279ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000027a0000	0x027a0000	0x0297ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000027a0000	0x027a0000	0x0289ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000028a0000	0x028a0000	0x0299ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000029a0000	0x029a0000	0x02d92fff	Pagefile Backed Memory	Readable	Region Actions
uxtheme.dll	0x738c0000	0x7393ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73a80000	0x73adbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73ae0000	0x73b1efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73b50000	0x73b57fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
davclnt.dll	0x745d0000	0x745e6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntlanman.dll	0x745f0000	0x74603fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winsta.dll	0x74610000	0x74638fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
drprov.dll	0x74640000	0x74647fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wshtcpip.dll	0x74650000	0x74654fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mswsock.dll	0x74660000	0x7469bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasadhlp.dll	0x746a0000	0x746a5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nlaapi.dll	0x746b0000	0x746bffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasapi32.dll	0x746c0000	0x74711fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comctl32.dll	0x74720000	0x748bdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sensapi.dll	0x748d0000	0x748d5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rtutils.dll	0x748e0000	0x748ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasman.dll	0x748f0000	0x74904fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winnsi.dll	0x74910000	0x74916fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iphlpapi.dll	0x74920000	0x7493bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dnsapi.dll	0x74940000	0x74983fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
profapi.dll	0x74990000	0x7499afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntmarta.dll	0x749a0000	0x749c0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x749d0000	0x74a0afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74a10000	0x74a25fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dsrole.dll	0x74a30000	0x74a38fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wkscli.dll	0x74a40000	0x74a4efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
srvcli.dll	0x74a50000	0x74a68fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netapi32.dll	0x74a70000	0x74a80fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mpr.dll	0x74a90000	0x74aa1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
eappgnui.dll	0x74ab0000	0x74acafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptdll.dll	0x74ad0000	0x74ae0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clusapi.dll	0x74af0000	0x74b2afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
resutils.dll	0x74b30000	0x74b43fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comsvcs.dll	0x74b50000	0x74c85fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
certcli.dll	0x74c90000	0x74ce5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netutils.dll	0x74dd0000	0x74dd8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
atl.dll	0x74de0000	0x74df3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74f00000	0x74f0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74f10000	0x74f6ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x74f70000	0x750cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x750d0000	0x7516cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x75170000	0x751b4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x751c0000	0x751c9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x751d0000	0x752dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x752e0000	0x753abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
urlmon.dll	0x753b0000	0x754e5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cfgmgr32.dll	0x754f0000	0x75516fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x75520000	0x755aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x755d0000	0x7567bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x75780000	0x757d6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757e0000	0x758cffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msasn1.dll	0x758d0000	0x758dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iertutil.dll	0x758e0000	0x75adafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75b40000	0x75b9ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wininet.dll	0x75ba0000	0x75c94fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75ca0000	0x75ce5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x75cf0000	0x76939fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x76ae0000	0x76b14fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76b20000	0x76baffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x76c40000	0x76c58fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x76cf0000	0x76e0cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x76e10000	0x76f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x76f10000	0x76faffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076fb0000	0x76fb0000	0x770a9fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000770b0000	0x770b0000	0x771cefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x77380000	0x77385fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x773b0000	0x7752ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000000007efa4000	0x7efa4000	0x7efa6fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efa7000	0x7efa7000	0x7efa9fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efaa000	0x7efaa000	0x7efacfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efad000	0x7efad000	0x7efaffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions
For performance reasons, the remaining 64 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	Actions
c:\users\aetadzjz\documents\lukitus-2446.htm	8.67 KB (8874 bytes)	MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\lukitus-547b.htm	8.67 KB (8874 bytes)	MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f	File Actions Show Properties Download
c:\users\aetadzjz\desktop\lukitus-b59f.htm	8.67 KB (8874 bytes)	MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f	File Actions Show Properties Download
c:\users\aetadzjz\desktop\lukitus.htm	8.67 KB (8874 bytes)	MD5: 03ba639109a5ad5406f423d1d4d472fa SHA1: d901d940a2e058da46f6fdae83e85ec4926edf48 SHA256: c6b06db3ab1d390036be63a15d2abd138dbc17c371fd9ec039a4becd7c3d584f	File Actions Show Properties Download
c:\users\aetadzjz\desktop\lukitus.bmp	3.55 MB (3721466 bytes)	MD5: 08f38151ed738d7bc5878b5dd106e524 SHA1: fa1a19df5a1788772d07a5f11874ee77b7efd7fb SHA256: c2b5da0c579930ad5351749d20b702f62f31019bd4c2fda471aadb36b404bb24	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-93ff195c-3bb52d679ddb.lukitus	49.28 KB (50458 bytes)	MD5: 73098251fc1b59b50a2cb4c346d0571f SHA1: f1f2e412a8cd55d5d611a7e3d7d8ad7692ba3904 SHA256: 11e3593f0c2516fae2140cf958637816e1c022a764effe30e34b870469e51fcf	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-b1dc6762-4f6cbab10e0b.lukitus	81.82 KB (83779 bytes)	MD5: 6abad91ef2ea344540ffc34da13283b6 SHA1: 444af778f297eccb339123c5959f07a8f89b4224 SHA256: 0f1be91f6d873b31a92eb731c8724746101f75f78a758afcd1516957ec5dc43f	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-1fc77e46-75d0d332d675.lukitus	17.92 KB (18350 bytes)	MD5: 776ba4d91050761e680a84012e71145b SHA1: f57630ed5b959114fe4d1c15fb41fdbeea492764 SHA256: 17ee0c6ce1f0f32f4661c5aea15558cf056a6bdb20241a2094dc5f3b28d1a6e0	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-f71e2d7c-1a58c58cde47.lukitus	29.66 KB (30374 bytes)	MD5: a50862100d2462158111dcc9938ff0af SHA1: d7f39e3759e9360dd5629aa202acd3699409aa0a SHA256: 674cd1b6db3d4f950ab79a328944aeaffc2811020ef10bc0ff55fcc037aeabe7	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-68c82df1-14b4d804bd61.lukitus	68.98 KB (70634 bytes)	MD5: 772a87a10bc58301219c75e82450f9d5 SHA1: a40f092d065c3a19b9529198fe98d5eb4f170601 SHA256: ffda15c8587df4ba7a0529d32594b6f46f9b99e8d1e6c16f5f9e18614bcd493c	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-49cf61ee-57465675bb4a.lukitus	0.97 KB (998 bytes)	MD5: 9e0b618eea6c393041ab77e094c91cdf SHA1: 45837778384830ce66481c4b3605f60ff55c3bf3 SHA256: c0a44b8e12f625b0c73a5bcdf7cc38b0bc3152c16828ceb3c4232fc2d3eea4aa	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-1e43a153-b4fa5bd13c64.lukitus	58.45 KB (59848 bytes)	MD5: dca25bc771722b0031cd105fe3afb3de SHA1: 40c83aacedbac1f5dabb83f01b4108745a619455 SHA256: 9afc3f3637a2782cd25e488df9584bec16c21e41c0d12c8bae65588976fccabb	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-746c6c5a-dddafa9fe1bd.lukitus	87.29 KB (89384 bytes)	MD5: 1265daa90eedb3c9b3ec895a7e2cc859 SHA1: f756f23b8f219dd1a177efd5067d33895df91eba SHA256: 44c237217af69cc53029b4335a8bf8f7c920494a683a857122b432d698fcf40b	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-d050f35d-df08fe665915.lukitus	76.55 KB (78385 bytes)	MD5: b9d9f966203227eda7672af260d586b5 SHA1: 445fbf1d9de7746bd9f3abc64a580b6ac2806b6d SHA256: 144ba74c09c895dce58edace591b7e263326b38368c030a86de17061e82a1d8b	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-6562ef8e-9356a0b9d778.lukitus	7.42 KB (7603 bytes)	MD5: bf911c31fe23672abda64b65389368f0 SHA1: 0519b3dc9527c0ffc2f0cd9e84ebc8bac072e291 SHA256: 7b44f04bfd993affe249736dbbe704776ca010f61babf56c93c730094b282a74	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-02ddbb2e-dda7eef606e5.lukitus	74.75 KB (76545 bytes)	MD5: 4fc9141920f3a9a5d2267c61332fc10e SHA1: 83958705c423b40e7cde22ba24fc4efb881695d1 SHA256: 4f574655f1fcc3084f0008008ab6c986fcd988602591aa6b9aa0af4ae8cc49bc	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-dd1f464e-1d4279836981.lukitus	79.69 KB (81599 bytes)	MD5: 7e7be556fe089933e12989e93bee08fd SHA1: 3a776d1c6650c69a2c7bd1b944b45b038df9b0b3 SHA256: 07860428399bba38220f9ba9513d34b4dca67da2927fcdb7382f9129000b824c	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-7ccb072c-c1747aea88b6.lukitus	94.15 KB (96408 bytes)	MD5: fb5d26ae8d42dca9f83189a46d7aafe6 SHA1: 4244ea22d4acbf5bb1ad36ecdb2b764166f1e92e SHA256: d71b7fb4437a0406ad8f9874529946f5856714b53e38e831a8f4eeebcea3872a	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-6f1f87e1-0611de322330.lukitus	83.48 KB (85483 bytes)	MD5: 6a52bfb9267d0f422a0184a0fe14d6f5 SHA1: b4133b1d05faa54df705f30a46c433a43014da51 SHA256: e2015345d5922a8fe3676a1c7e8c940d64d169b1b8b7f5630052b49234f3c552	File Actions Show Properties Download
c:\users\aetadzjz\documents\onenote notebooks\my notebook\f56924be-9663-41bb-93122862-1b3365d6fc4a.lukitus	6.86 KB (7020 bytes)	MD5: 885fda6005971a82db16ad2bd29041a4 SHA1: 1c406fd6df0744789ec498a1abf925ad8ec60a3a SHA256: a5f248aec0548330dbb26391181cff2f72849242524d84870c8e30d7423c5b5e	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-7f7df4f3-fee5a0f835d8.lukitus	61.93 KB (63412 bytes)	MD5: c54fc8af819d898b850ac5fdd43254ed SHA1: 7bcc4fae19b21c006c7425add419be78de3f1a68 SHA256: 72a36bd4de31602c8dd2e6eb16786c95f11cb307d0dd5ef5ff78bfe3edf0274d	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-42da6451-74994b3b23eb.lukitus	34.90 KB (35738 bytes)	MD5: c65660792799d623f815201d4ed54c7d SHA1: 264c33cb60857a0dfd1b4d9d8f766188f8886e8c SHA256: 99c93e6b9ab37b41c663069c5355756c3a7d05fd75552452c2421dc877f743e3	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-e0725b46-87ead7fbfed8.lukitus	87.14 KB (89228 bytes)	MD5: 194a630851f7e2e2f5e013b0ab70e94e SHA1: 12f1365c7d8b0b5006eb5f7e660f34e6a2be5ffa SHA256: 58d6317026fb76718b3b13e75763750a069dd1d491d260be1dd09ac2b4d618f9	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-527c0c14-e324030a4a6e.lukitus	98.75 KB (101122 bytes)	MD5: b2e545b0b9f937ee1514f461838326c3 SHA1: 83fd7b53bef8f92179b46bb43bd887eff6c0e4dc SHA256: 29bc3313cf80fec7b70b8b0acf41d194d24abfb8d0edd3bdb9f0c75d2d813651	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-526e1a2b-128166908518.lukitus	61.01 KB (62473 bytes)	MD5: 31475f1b4f38f56ea9f3fb892a129ca1 SHA1: 35e503bddb6773d2ec4fa56fc0342551370bef18 SHA256: bd739976c57e1d7275a52304b7d7b0bdeba5516e08ae3024680f8fbdc41aa071	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-15fbd8aa-4d0a91f58ed4.lukitus	41.38 KB (42378 bytes)	MD5: f0a3789f2aaa76213cb01112e22b0a9b SHA1: cd3895ed6ec7e35bc79691d6818a9cce1d3e75d6 SHA256: 96c26e9da10586ee9dceed556236713e4798193d86c19e2a49f314385890e401	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-f1fcdeaa-ff7f06504774.lukitus	71.04 KB (72747 bytes)	MD5: 676f2fcb58be85dca079aed3c0307b14 SHA1: 312cfed40b006bd070a17d3598638c8a43cf9268 SHA256: 39f27549d5c9a2dcf360ea7730117d5db1057faf98f7505a6313319a837f64d7	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-1d9844f4-6dce132fa911.lukitus	97.19 KB (99519 bytes)	MD5: 6d5e20a0682136d3786edaadd4386eca SHA1: b89a45a4d8203f18eae7505c41537ab488891a05 SHA256: 50c7a84443a0102ed402d843e3066c78b171839a130533cbc4e4bb841710aab6	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-988e0a99-75c5268fa982.lukitus	55.64 KB (56980 bytes)	MD5: 01f852000bbcb39ac92aa22b36104f32 SHA1: d73eb40b00de0979342b96cc29879cca7f62d509 SHA256: 1bd6dfb3d97d3e31b19c4efc27c3676237153b34fea49aed5d7aea5bf1cbbfae	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-14d6a72b-e51a5d5dc391.lukitus	7.53 KB (7712 bytes)	MD5: d1ccedf54e7d148c94dd92abd10e0ebf SHA1: be302c7a6536983bc29e6874b4eca6457a25c98d SHA256: 50534e5328d077935daf7c0fe860c489005810bab3d36edf768a5295e7405a6f	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-65272a78-f5925d3fa2a8.lukitus	67.84 KB (69473 bytes)	MD5: e15288fe1acec5be28093a52d52bf408 SHA1: bbf0386872ddc6fc426beca0eaf5c1d76d4135bc SHA256: f6871b99f685682d86176db35b1ca8b302607accc6ae0c8141ddfb4bd3d24708	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-ce32cc3f-ebe8612bbb20.lukitus	79.34 KB (81246 bytes)	MD5: 7e1d44b9e9949f1dcc44df1cb77b4ce3 SHA1: a74b0c652eba8eaa1c10151253cf92475ffd9c8b SHA256: 1e1a422b1424e7f9340050fb708843f8c2d75a719d37512cbbb7cff41da80bde	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-cda913e8-271056ab5827.lukitus	50.48 KB (51689 bytes)	MD5: 27db40185ac2b07a15df545ef2678a80 SHA1: dcd3ea567c7229127c1d74ebd2ad1cb5d081bad4 SHA256: d1225f27f37022bbd8bb885e22488197dd3374ad12bc452f1d40509a890c9484	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-ba7682c3-ceef9fbf020c.lukitus	6.21 KB (6354 bytes)	MD5: 4c6380666702b4a9498f07e2116bb164 SHA1: c7776d7c7d25d7877ec146943b7958f47dbb29c8 SHA256: 9c4266a994efdcd75b39a7f6fb17e4ee1106f9eb4643bf2fdb971e5735da886d	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-fdd27ffa-d0b0af905888.lukitus	54.33 KB (55639 bytes)	MD5: bfde86a708ed6f8850ba5b5ed119840c SHA1: 7cc914837ecff162b4c0fb7def66d3e3440bbe60 SHA256: 50b497246a384d66af186e1d98d2a475d97539a02729f805f8cb84b9e6e19782	File Actions Show Properties Download
c:\users\aetadzjz\documents\outlook files\f56924be-9663-41bb-612962ee-cda06faa83d1.lukitus	265.82 KB (272196 bytes)	MD5: 99dc604e6316b4a06151d52b041246b5 SHA1: eb7f0255ad4028acd7bff986993f5a494f73e5d3 SHA256: c3324f5e81082ff027fc770e463281b5876976b139f88cc24824e692ba27db81	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-8c112abd-8e26aa86b08a.lukitus	96.67 KB (98987 bytes)	MD5: e082a12ca21ea266ab9b9b161f174415 SHA1: 9b2b62d9a09d455bd5885cd1893316122781e7b4 SHA256: 8b2e8cfe601fe954d4975dbc64d3b60ee4549ad080414aa799a9f849ecf02b09	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-02ed3f77-9c606d75c05c.lukitus	13.62 KB (13942 bytes)	MD5: 0c4780c26232d65f38c435568a283c80 SHA1: 2f4b40dd9a6f30a49f9b5235e9dd9a08fbf7efa5 SHA256: bd13f30a9947916e13dddd18dc3aeced0fa40a9c1142b7248cf0d339a0016974	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-781de6a6-e5a7705bb692.lukitus	72.61 KB (74356 bytes)	MD5: ef37e81fbcd78a587fe70e70bddcb967 SHA1: e685217ccfb73b9a6922d56404be0fdb6ecb7087 SHA256: 43a0d03bf7797de26a60ecdea7139450823eccd41c68cca78580d5f86e0a0809	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-7b55cf77-61f436ad3e42.lukitus	71.49 KB (73205 bytes)	MD5: 9d9a97256dae66413e871a5f5d43a517 SHA1: d7ddfa8b1202e255e5dba150958e6d1d85b420d4 SHA256: 29d9dceec2db1c66b2cd8064c1767557086c8b9157891564a6d5720f513b3e4c	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-a771a452-48dd4ba9679e.lukitus	91.38 KB (93577 bytes)	MD5: 3ee359090152ec94da64d6dbe5bbc799 SHA1: 8edcc53621f8ac41d272577daf0e159755638f93 SHA256: 5b8829637915f6af31bee9eba73a6f521217b94926fb3667631300397d41d5f7	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-b282f5d6-2a6d69715153.lukitus	99.04 KB (101419 bytes)	MD5: ab965e83e2eb2f180dc264c431a95365 SHA1: a42f75fb6ccd7b090f873bb74bebd5dbabe36587 SHA256: 551327f7b8862e2682f26ff105ee328c7a99860c9b3b510501e483c92b093c18	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-3a6db1ca-755757c28fe3.lukitus	25.87 KB (26492 bytes)	MD5: 7f6c8851cc5ea831b374025e26aeee8d SHA1: c3954c511bc2521138ecc2e1d88bfbe26fe48e40 SHA256: 21136f752aa9e46b591aa4b52dac4282a7a0789acfcdb71d47d5ce95079a7085	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-a9142ec9-2efebc30ade8.lukitus	83.50 KB (85499 bytes)	MD5: 641e0e999b0fb9f59ee67e99926ba912 SHA1: d4b94289b0631439864046a593714b6e0e033c4d SHA256: d12ac6afc663ddc778f3ecc28e5fc90729b65a5072ca33c192bb9422ce62e29f	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\alldt37so 5xcj\f56924be-9663-41bb-d65a438b-83dfabbb8ced.lukitus	69.55 KB (71224 bytes)	MD5: 6e9af0cc8bcf2fa16f861f5e58ec2628 SHA1: a63de682a5feb2c95af786dd6df44823531810f6 SHA256: f35bd6b431d60d92171acb7e00fc7a8d9f542910d99619a390797bec49c929ba	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-bb96571e-96bbd2c0a8b9.lukitus	47.97 KB (49125 bytes)	MD5: bbe54ff129630a5dfd8678ddd9aa3c59 SHA1: dc3ef9c5cdb18b8094c6cb5a99da648b0abfb202 SHA256: 660f420ce546f6714efa7a0a4cc6964fd2be7b29c46b2e15382753969a1ef9d0	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-41fc6dd4-65a22d7f605c.lukitus	91.35 KB (93546 bytes)	MD5: 62b011e83e86e7077823d885d1bd2f6a SHA1: 489c8f2431864bcbc1ea9803767f97782311f299 SHA256: 94e6b2608712fbb162be540f2a78632ed74cac57b3db7de1fc6f62898911d919	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-6c56a97b-e7e6a4aa125b.lukitus	42.63 KB (43655 bytes)	MD5: ea428f35f421f3a4b0d2a4a46bdc4051 SHA1: 114fca0136be8b192de0de76fe3203203382ec62 SHA256: d4e401cef6051ff974180b327f9c4234a67dfa07e56b9313dba5735ec0404ec5	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-a60ce289-e55a447535d2.lukitus	22.94 KB (23489 bytes)	MD5: e15198354fa0c3c3e4dc76f9a8208910 SHA1: 71a89ea03798dafd9228861e65f3570ce74b9164 SHA256: 49caef250b7bc24751001002b12d043b17620e7aa8004696e19967bb8b2a790c	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-21f0ca53-f69e38a75cc4.lukitus	53.46 KB (54748 bytes)	MD5: 8970e86ba4de3c42745f25fdd54ae197 SHA1: 6eb90349f272dbea69efe746cbc394059f845dd8 SHA256: 8fedbbb46e330730684e9a9d812a59fc57adb6c18d04ceacc35754277bd253d4	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-4b69e5a7-f60e62fe4654.lukitus	15.16 KB (15527 bytes)	MD5: 4583cd56d09e37fc0ff4dfdf04479540 SHA1: 49106e215048c20ce86bcfe9f908899a9399bcb0 SHA256: fbea91064706acd43c1fc6facec79a8c82cf6a6b6fb2cf0783a7f44d6dc9cb3c	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-541108f9-2da524f314c7.lukitus	73.73 KB (75497 bytes)	MD5: 5816b177c84d1e4b863230be0d9b9155 SHA1: 02f22b739ca7aa67f2c516ab3ea123f792331e61 SHA256: 1a8848a90f9aee5f5bdeed6888f423920691f2c5f39be46ed56a4c729404ad15	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-43743ab0-5b4f9943c7b9.lukitus	63.18 KB (64699 bytes)	MD5: 30795453a10b70ca931d8fe543dfc0f8 SHA1: 4348bad3bba73608970b5a077b1c55fd0d427ffa SHA256: 6a1a9268cbfd7e9c5f8ec150ac2551c2ff78a7a79ce2b0af9ebd049abc7a9398	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-3f7eea71-eeab13681eba.lukitus	48.96 KB (50135 bytes)	MD5: f18da71f888de931c6d290190ee237a4 SHA1: fc1e5754c9fc56908667ecf8bdf6d267e951e90e SHA256: 4e5f5f0e1e2724b82bfff92ab479d236385d5240fb370047bee42d15017ee289	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-44e29957-51107f7f4923.lukitus	24.12 KB (24694 bytes)	MD5: f1e6b4a6cc6867fc03350e84c3c35441 SHA1: 001b04bdf199936d2718ef025a2c138fec1e9b8b SHA256: 6016bd71e598ce5808efa9e10aa4ee25706b088817596649177a0db54b984650	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-b70504b4-e9a7156822c1.lukitus	11.66 KB (11937 bytes)	MD5: 3aa6f3df2b8863ba677b0fce9d227f3b SHA1: 654428393afb60031d4d6dff4ae21170e19d1402 SHA256: d045abcd1d24931a3a988e8ab2f3ba2ee52178eb22ed4260d78392d133fc38d0	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-3c30f310-5c6049e3f1c5.lukitus	100.78 KB (103194 bytes)	MD5: 0f1e68e87c1e3926b00f03e9fd4314c6 SHA1: 69d4fbff5e0b93c276b12cd5df74f59cd7c68bd8 SHA256: ec6da516a2e8ab7edc761e8dbf63ad5a39f144a559a54e3e9006d9d568d8708e	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-88736a33-a73fd1b5db9a.lukitus	76.44 KB (78270 bytes)	MD5: 10bdd7483abd5c15780cd187eec6d3e9 SHA1: 7c99aef210b09b55359f0b186e7ed6bba95ddc1a SHA256: 6cc4988052fc5268208c1aa802278a723729c40c317822f58603d3da4755a35b	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-49600478-a7543df24f7d.lukitus	39.61 KB (40561 bytes)	MD5: ecde9114fa71134e4ecd50f6769477eb SHA1: 49684d357f3b02e62331a8799d388af9b3947fa5 SHA256: aa71a2986de776387f5ed629e5a672b004f7afa098b9d2d571ee8f4777454768	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-7b6afc43-b245cc6e1dd0.lukitus	20.56 KB (21053 bytes)	MD5: 2c5ba72782c99ecea584b9c58bcfd905 SHA1: 7b2faa090039ac242ec7963df62d2dfc747112d6 SHA256: afabc17789bc548a251043b4ee9b9d48237914694991bd44d596077a65729a9d	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-026b0f52-b0ee23b731c2.lukitus	25.78 KB (26401 bytes)	MD5: 0b48798fab9d59f4cdc78ca9a7df98d7 SHA1: 6ee7d9e79c939d896d8dfc59e93bfe1629f048ec SHA256: 888e468487916657638ce4d470e13a0ad0bfda2a5d5176974ac9c5429dc81cfe	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-71ad6e57-d734bc0dc073.lukitus	55.31 KB (56640 bytes)	MD5: 4dece80ced1f7c0b40c0e71b9253ae6c SHA1: c4cdfb836256228e788c938afa5480544a43421f SHA256: d57dd4c701f4d7ace0f4eb88b08855349155bbac8be1e050342a97259182f2e8	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-7b4e72c9-ec40cc1387f6.lukitus	59.96 KB (61398 bytes)	MD5: 6c589300bccff80e34e7ee89347ab822 SHA1: e47f983b65ea4bf4e521001b7332d875578f7457 SHA256: 970f3cf452bd4aa7938e2ed7ab8a4332e1b60156b1fb95b9cd01c6559f5ee597	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-b233076a-f3f69be0de98.lukitus	57.05 KB (58415 bytes)	MD5: 674111b049564a315cb77810334b6812 SHA1: c380c52ebfdb46add2fd95277002555716fbf9df SHA256: ecebe3573c7b92387ae8a27aa2d8f20f07c9b0ec02a574f2135601e7112883a6	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-b0d08948-4afdf1d5a73f.lukitus	46.13 KB (47234 bytes)	MD5: 58629c03a02f8949cedeb4264ae04000 SHA1: 5354fad509be0ae80298573ac94b0fb1e3ab3553 SHA256: fd3874cafd3e153d71614dc0040cc91995be12f1960887f6e02d82be1c480be7	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-e6373d05-052cd23b85b0.lukitus	54.76 KB (56070 bytes)	MD5: c5bba3c53d13a5b64cc017e0a01699c3 SHA1: f61aa973b6b13874aaec4e5552460ae34ab7b467 SHA256: 89d4c40bd26112498cc38a463859197e73e7d268fa423dadf30c74a942680ce9	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-0b1192d3-83011f532cb4.lukitus	98.05 KB (100406 bytes)	MD5: fa8eeeb7176b52428f50c47cffda51a0 SHA1: 0305bcf827446971e40619ce39195e5d50e26299 SHA256: acd89d750354acd177632d4f35b73cbb978c73410194e533d561ff26371eb022	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-0bd9344f-59e2fd1b8612.lukitus	37.05 KB (37942 bytes)	MD5: 390c978963fa6fcff45f6ff8fb706571 SHA1: fc13679abcbae212bd248c04369ee984829d5c21 SHA256: 83978e3835fd145da977a36ff5594a90c8017549ab5978b7ec95d0034a3124cf	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-16ac9b2b-cf64176b99fb.lukitus	83.96 KB (85976 bytes)	MD5: fe9bfe26bfca15c48c16c7e07c895ddb SHA1: 0830a240a25dd5b312f47e724372a29bc2814e60 SHA256: 872bdcfed75cf02be4290f4bec9a88b4a331d0bf181b6e69855b43c7dfa83fde	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\f56924be-9663-41bb-6533c1e4-c0738507f428.lukitus	93.49 KB (95738 bytes)	MD5: e5518c14c1615ce72e9fe3f20ed115f6 SHA1: ac707c1fc026c0f9976e22bb661a0bad2d4c0293 SHA256: 4321f2bb650270e29efa859d59fdd1f367843abdaa1163231d36a0626ab23fd5	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-d49bf973-e058168b454f.lukitus	34.73 KB (35566 bytes)	MD5: 3c622893d523c4b4cb2aa0f86108bd61 SHA1: d5e6fe17cb9eb5de11f650c91e679aeaa52ee463 SHA256: f39349480a4152ea8aa13c8eda001d9324c0c665b8f7a171baa3ce008cd59b70	File Actions Show Properties Download
c:\programdata\sun\java\java update\f56924be-9663-41bb-0fd4e971-761d2214f09f.lukitus	0.93 KB (955 bytes)	MD5: e5d7624acd733aeb46248b02a5ca37c9 SHA1: 0395fd72c9dec4e630c9d3e172c865e9210521a6 SHA256: 6f4c324050b26f7478cec8e26b863203838ed110269b72d6bb7fc4483002bcfd	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-13f942e8-48eb76e84f48.lukitus	16.12 KB (16502 bytes)	MD5: f6d233d0e54794f515e43c3957b4bd36 SHA1: c6e88abe0d62ed019a4a315ca93148e32d249887 SHA256: 0fd7093c5030e4b23a5cf48c98cd315c8caafca22a9ee2baf5797a3e1f79cb73	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-29a7dc8c-dfc0e8056306.lukitus	14.89 KB (15250 bytes)	MD5: 38312e874cc6187dd6df21fa661996e5 SHA1: 75cb4df8e34e98118504825f6980de6615dc6f9e SHA256: aebeffb8b208901908b42efbbd6ada7818009df9cc6dbdd16d2d87003a8c0a6d	File Actions Show Properties Download
c:\users\aetadzjz\documents\fwkh\f56924be-9663-41bb-44ce3cd7-afd504f36697.lukitus	46.32 KB (47429 bytes)	MD5: 015ae1bde6e5fec87cf588c3e391a541 SHA1: 840c8e1cf059750555b3c523d8f373879428ab8b SHA256: 1522fed94f047caddf8819cb859caa543cf4dac5ddec13a0fc349bef54c148e0	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-1bcb39fd-c93e3b4c590b.lukitus	74.01 KB (75786 bytes)	MD5: f437376e25b9953e5f49c245fb862780 SHA1: dccdceb4b973ae7415d377d29115ce5afa3c0c35 SHA256: c81e0492c58eb3f5ccaa7d8567f4a827a8ea6f71a46f229354f0fd6d9ffddb3e	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-8ec36e5c-ca39e2ca23e1.lukitus	22.25 KB (22787 bytes)	MD5: 3b91a491b3fa287c78a534a50d2cf296 SHA1: b15340ac53f9bb3ac3e42bb05be0b1f83cd966eb SHA256: 6a8232b65ca125b44bb33194492922fc42bb9250de0905e377de8a73314bb54b	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-db3a9c6c-b4a2996d18e4.lukitus	826.93 KB (846777 bytes)	MD5: c7a0cc1ec3308de7726404756f4224eb SHA1: 1e6b31dadbe5ab38a5d91c548c66099f1841d165 SHA256: 95d11560d5a43ec88a6abf98bf90599db244c3332565c0afb9b4cdc99e80f2f8	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-63f06b4d-40748180c2c9.lukitus	582.15 KB (596120 bytes)	MD5: eb2b55105302183288147363c55327b2 SHA1: f45c343692c552032c1becc8c04dcf524f980b9b SHA256: d49aecda2c122fc9c5b0bfcf377297600ddf2a77d9d9a456f995682250a20890	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-2128228c-3ef411e166f1.lukitus	758.34 KB (776538 bytes)	MD5: c992e8f974b5f9f9cde843e199bbe780 SHA1: 30e07368b76be57ad85cbc1ddc0f0ec6546b891e SHA256: 93f55ef6b0be02288a81713828056490fa63b92618a0e94a767f4c1ca9ba77fe	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-7d28049f-ca2dc98d9072.lukitus	67.61 KB (69235 bytes)	MD5: 609dd4e8666f15060b352c277496b383 SHA1: 3d5c85361e5d94a474785e5226a0d904814c89f2 SHA256: 027d71512c9a53eeb25f3a1a1f151cd86dc44de15e6c205bf121e658ed28fa09	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-d0039c86-9e680ba77e12.lukitus	763.35 KB (781667 bytes)	MD5: 0cae6416a51b268c9180d03f59d92dc5 SHA1: 8deb398747c130d5b16251a6bcf6832f71931bde SHA256: 7480b58b1ab6137d68cc828284920c935c30038e6f196380c3cc0818667a6191	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-16db964b-ddb43481f1db.lukitus	97.55 KB (99891 bytes)	MD5: 69cd8258f01125b41414f4441106351e SHA1: b12037b8e0b3ca3118e5af1c01800ca5b3616b1c SHA256: d31ab02d80c5e8b60eeab53a17c4ad59e35596ccd71ffbbee9f7e7fb1ee30506	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-8ea4d603-5a2874fae3fc.lukitus	548.94 KB (562112 bytes)	MD5: ff5c86ab51b783858399547f89eecd26 SHA1: bca7b2364baf01c154f886b21b8d20cbfa0ada6d SHA256: 78c50b44e3fc2ce3ec7fc8869c4119d1f1b34bd5f9196f82fce154c846827fe7	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-bea9b2d7-58d4fa770e74.lukitus	760.42 KB (778671 bytes)	MD5: 4e52eca69058b5b90c3cde991c6fd074 SHA1: f59c4f09d5aafd93b52f7db3ec872fab6abe73f7 SHA256: 3fbc6b06e92ec7067183adefbc0b01b2d8eb5d74cd05a24f67cb83f0af1a63a3	File Actions Show Properties Download
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-34c63d6d-4a50106c55be.lukitus	2.38 KB (2436 bytes)	MD5: ad9fc03fdd67cd9298591ea0d12f9347 SHA1: d08c6626fc2d953917239146aa9dd157967f9c8c SHA256: efa59c6e1aceb673a673a44fa7259970adced9049ad1ba518793a34a9bcc31b3	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-6ae0090e-6cdcb46c0311.lukitus	15.85 KB (16229 bytes)	MD5: 5ac26135af6fc8fe57d50c009b23a973 SHA1: 826b2d4b79875fb6b9ed0b54c41c8b47c6b80e34 SHA256: 86be99489223371ded8182569b025831e04cd54239c4d688aa021ae5f5b1fc07	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-3b2b7f6f-812656df84c6.lukitus	66.32 KB (67908 bytes)	MD5: cc16e88d461b2a64a0a07952011b6c78 SHA1: af3fa4ea7f69bc944db7bc8a8c7604524aab4960 SHA256: af85ec3bf7280380e72c235d78709e7503ae93b9202d26e23ddd92882c7371b5	File Actions Show Properties Download
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-fa0d154b-245888d727e3.lukitus	63.56 KB (65088 bytes)	MD5: ca8ce82168e9cf9cf3e17e811d8012ae SHA1: 4d088416707db0ee6142c662e65102f48d5fb884 SHA256: a7f002038faba925f927b8f413df6a76340dc71e88918357bc7562ccda14c087	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-85ab3cab-1a0670314428.lukitus	607.15 KB (621724 bytes)	MD5: 186014ca84f18a2a0a4cf027197c3659 SHA1: 5e9a50e85d5b48227b523c373a7b9440f2efa9db SHA256: be55916dfabe1669c8523e6e0a87df65e73faa665875aa26e99e8f0369499714	File Actions Show Properties Download
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-1753ef9e-5a7f628573fd.lukitus	24.70 KB (25290 bytes)	MD5: 125ed2e35e1356ec3ce7af04d089cf6b SHA1: 17987b1957027fa4bcea9f3296c4f4b2a696256f SHA256: 5ae802bc9c55e110e649bc8f375bb060218f0138e31d071f76f82363c00c87f0	File Actions Show Properties Download
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-6edc54f4-2a6316bc2a6d.lukitus	81.85 KB (83817 bytes)	MD5: 8d9d2ea39d85168297b0c8463aa91048 SHA1: 354e90bd9f3f0b30ca32b69be03bd8fb4f638125 SHA256: 7561bca5b6c8df3f4f7f7e36f03bb0bc3edea4025ad99b1b03630f355a63678a	File Actions Show Properties Download
c:\users\public\pictures\sample pictures\f56924be-9663-41bb-ad1ca3c0-3165ab58af89.lukitus	859.60 KB (880230 bytes)	MD5: 4ce15772a2aac9a6add35ad06980e018 SHA1: f0bf0b4046527293854810e644625d675019bdc2 SHA256: 9df69ae1c809db7fb5cbe188b0f9d88e86dec488d44d5ac8f33fe284e3615294	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-5d8cb0e5-0f44328ecaf2.lukitus	87.20 KB (89288 bytes)	MD5: 263038a221405a16c3acb6db5ebe9c65 SHA1: 70cc3921b3c6718efc69b559c044e47aaab3b4dd SHA256: fa6a71c1b63fd9d33b7d252b8f53d7db96645299269b92028ba8d5ca5b34f023	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-0725fd16-48003b943989.lukitus	88.96 KB (91093 bytes)	MD5: 7db96eedf7fbf29176b3f971cc7850fc SHA1: 97e28ab0727fed8be616863e4994fc8e01ff028b SHA256: 5ed5325f19dccd610d97e211a461e9e7c7bd3b2a76337074a57690d218aad144	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-21ea5f2c-8701a72f2220.lukitus	96.61 KB (98928 bytes)	MD5: 6c5f6d6c1f9cb1698087815dae3ae6ad SHA1: 88fc8e84ec4a5a1df24c99ea8d9325b3150e1d07 SHA256: 6d78af00ca0852baa7fcb08b8a5cecb51fc1ed2451c1af3fc9832e35a8b24a5b	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-5eeef7e5-307233feb153.lukitus	99.35 KB (101738 bytes)	MD5: 875bd5e3e0eff4b0d987ae366d7e6041 SHA1: c40e0cf6dcefcc47bcb333be2ba4b36346a74fb1 SHA256: 6026dcd8bdb731eeebd07c9111a9eb27dadd78366758b155ff87d6b2d0ff5160	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-105fd1e1-6c6be53496ea.lukitus	67.88 KB (69504 bytes)	MD5: d17b3d430fde8beeed17cc0efb664ab1 SHA1: 6d76f7c3d691e026700c5cdbe6158bd42b21972b SHA256: aeae24d279b192567f7a90b71371ada1d8a8f75855884e6ea1a734a5f454df7b	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-0dcfa9e5-faf41d841f89.lukitus	58.99 KB (60407 bytes)	MD5: da6e9f7e90d23867edd35d848ddc5aaf SHA1: fc8889186c0193b52b3d54a4cbe509be027f330b SHA256: ff27ae1c3d97c77c38bc0dbbd43af610807a60b4110faa713837181384cfb326	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-4fe46af0-e6208dfc4337.lukitus	57.30 KB (58673 bytes)	MD5: 5e564cee97c6dfe94cf72453127fd8f5 SHA1: 6dc03568c39255efa7e4ea35913b0066d7a26a3f SHA256: d05b35f4f554bd90937a62728f4ddedb55ea1a932e794798c175ac0dd73ccbe9	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\hmcn--w\f56924be-9663-41bb-8ebdca29-fd38b8601764.lukitus	85.64 KB (87698 bytes)	MD5: 9dfa0bee9df987f02306da67434a65a7 SHA1: 9b7c61c830e942ea271ffa047d6eda694058abf6 SHA256: 6566cb2b42873520944bbfeb9578d12caad563f5e945bade9314d867a9821ec7	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-bfe5064b-970c8f5a0518.lukitus	15.99 KB (16375 bytes)	MD5: 3f844b86b9c824437f480abad28c6c99 SHA1: c1ea0086f2d686ce51e87a19cf37b41e6fa90d14 SHA256: 3a8f1508d6a20477182d64710204aa832adcc0699dff1e67da0b198a864dd5a6	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-85a5b08a-605b60b6ebd6.lukitus	70.51 KB (72206 bytes)	MD5: 4df6e6740c263aa385de7ab8d612c2f0 SHA1: 5b8561902d5b06e84d2dca6e20495664de89175e SHA256: b33ac7b2c77c3f2feb83405ac5eaeb3fa4d60b20b2c05a8c06443a314a104a81	File Actions Show Properties Download
c:\users\aetadzjz\pictures\8lya8agxgsi0\f56924be-9663-41bb-88881914-b3ae12b46247.lukitus	11.77 KB (12052 bytes)	MD5: c7fc4e55b879a5c4bb78bf9364d2b18b SHA1: 53b90e5c4e2ad6c5b99484bc893a213e581b2b07 SHA256: b771cd820eed03b368ea27b206dea765c6c48ba4ed97cd48b3d2d320312ff033	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-786f2966-85dd58079d16.lukitus	70.64 KB (72332 bytes)	MD5: af7714a87bb259577f9cd70ba3b4a43f SHA1: 8d5d1151035a895ad1c59328d8bfbb2873edf376 SHA256: b6f4a6687bd21aed052c4ec0847537fce383cb022701e275145efc4844451766	File Actions Show Properties Download
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-160875ab-8c16168ef4dd.lukitus	34.63 KB (35461 bytes)	MD5: d6ffc919dd46ef2225ad09abb6b03cb3 SHA1: 3d38abbb116daa61173c8a05eb20eb14997fa28c SHA256: 4bdbe60d8db008ce218a5c184c91b41176025d6a18e09edefc28581ad4d86413	File Actions Show Properties Download
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-169e6313-c430f979b7e3.lukitus	93.48 KB (95725 bytes)	MD5: 0eb5d0a5a5a1c44e54259d4385118891 SHA1: e2b9f0fe121aefc6def63636ca6f75dd12400811 SHA256: 82596611766de45740b6b6a930b97aff8f8053925a3173424bdf9b7f73fa2858	File Actions Show Properties Download
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-ed8e90b1-c99eeb3cd344.lukitus	30.37 KB (31098 bytes)	MD5: 1336a8270def600025b9e56b32364fd2 SHA1: f0b7a35386e13258f201612900d830b72907839b SHA256: b482c547d6c27c38404265e23e89eee5b08a2a9cda977c6777a586f9407f43d1	File Actions Show Properties Download
c:\users\aetadzjz\pictures\_2aelz\f56924be-9663-41bb-d8d6a0be-1eeb096f86f6.lukitus	76.70 KB (78539 bytes)	MD5: 54691b48c2c6a9cac8fc27e298e243c6 SHA1: 5819a5f2c9476cb1695b7be464e667c83cc4df23 SHA256: c8a694b9b45d39f0e8cf97fa56356fe2e624aae6ab1b4d41326f3509d5696ffe	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-c18f2589-5c71bf4f3255.lukitus	55.24 KB (56567 bytes)	MD5: b8e392254147a37a185517b4f6b3042b SHA1: b630e4ae8ef2ffc2de66e87aac945a40a9287693 SHA256: 5f578fde878f6aad06bc4d9e6595544840e9dd9a9380907ba4adedf8a3c4104b	File Actions Show Properties Download
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-a5d5084d-decb3b0c7615.lukitus	35.00 KB (35842 bytes)	MD5: 6d481224bac4a1e375b34aaab96f3125 SHA1: 928b5cfed88226f6f8e55f44dab1511f603dfb39 SHA256: 98da131ca6f3fc566c73ced50216f3a3be3056925bcf15f2ac5f10827abae3e0	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-a080fc17-79d47057b610.lukitus	34.27 KB (35092 bytes)	MD5: 042b78909f13410e288ac87979e83d61 SHA1: 8518bd401583d47d3665e6e3a15e0351e4510f8e SHA256: 4943e008dee7cfaa9017bc5762d32aaab9612f3c4a32ce504de784774c63ed44	File Actions Show Properties Download
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-1d9631e8-90bf411c2fee.lukitus	38.80 KB (39731 bytes)	MD5: 006811bc5dafe18a5b3cbb8a6e05131d SHA1: d355b436a6ceda728b93467c1c9dd5ace99e2c2d SHA256: 63cb3577f7b000f7b1525c50de49248fd795cfe7596afe1b4b16fa9fce8146e8	File Actions Show Properties Download
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-8b683683-04f707d56484.lukitus	9.60 KB (9832 bytes)	MD5: 2bca9c801bae8b187e614854dcfe45d7 SHA1: 89f8ac79a5abbfc6bcb18871f76291b4bcfe1d98 SHA256: ff741da1614409e35ab97081ccbbd0acdc727eab1faea2464556dfa6f382325a	File Actions Show Properties Download
c:\users\aetadzjz\pictures\97sfy1rz\f56924be-9663-41bb-ecb96fe5-208908824dc6.lukitus	62.68 KB (64187 bytes)	MD5: 133e56f297202ce2b8d6e56a58e51483 SHA1: 79f080fa37c9b8e4b7d8589ac7872a51a853f19f SHA256: 4d0b86aae98709ac16bfd3c7c70d361fad7f8862ab72fff806a89a2af71a96dd	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-61116eca-f6682086be7a.lukitus	24.25 KB (24835 bytes)	MD5: d139fc83092b0854111e706415920b0e SHA1: acc2618bc1f8047a7db70c0de263f554261b82eb SHA256: 31b652297f9c7406cf1a8ba5821f9e5bef71bc5ecd9c7f5994d0312497f61b3c	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-0a72e3e6-09c6bd33ae22.lukitus	76.12 KB (77945 bytes)	MD5: 29b4e594c48dabb7444129b2a768267d SHA1: 940d4cedf379e2194cc1cd1d716e6b97ffa35264 SHA256: 0cb11a43748c609b624ba2f700c2ec2ca89295212fd8bafe18ea9470adbe366c	File Actions Show Properties Download
c:\users\aetadzjz\pictures\f56924be-9663-41bb-0f2db1b7-adea5382834b.lukitus	3.54 KB (3620 bytes)	MD5: 131f61fb3e4a2e22a28b28f76cf85ea5 SHA1: e0063d8ef02c58e1473c851668fc47340a1cfa99 SHA256: 3d36441a4038a8c4feb102ba50c6df7784b4dd07692988aa762a6d5931d948d1	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-97bfbcf8-b516116e07da.lukitus	61.20 KB (62671 bytes)	MD5: 60b29baa2723f1c9fc8ce005d4114859 SHA1: 7ced67dbf0f687ad3bf18c945555278d26d2b688 SHA256: ec2dfc3efb3c6b0dadb82899beedfc99c3603cb75ae30378ce14b59c80615058	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-9d05ef54-2dbbb8a0a892.lukitus	65.09 KB (66650 bytes)	MD5: a36d01388c5b36b44cfb81b19d7748ec SHA1: 42b2837c3f3d166b08ace6d91c45a3c3f42e4a9a SHA256: 181df77c09a33d85e521fcda50da59471a616369e4465ab197782ee127af0c13	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-9260e0d0-755888374530.lukitus	62.03 KB (63518 bytes)	MD5: 01511775c3f72b14aa155c2192ba8ab4 SHA1: aa2fe6c8cd7b75981e0cc635814bb16547d10504 SHA256: df34c8df3cde7aab5b6a9cab0b987e65cdb9c2a4614729a1304264f7e79ecb43	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-753475ac-25e968e13af6.lukitus	17.64 KB (18067 bytes)	MD5: 56a3ddd0fa9090b7b512025e5a401e20 SHA1: 5d9198f39a76648b546fafd1f7dc9bc94e089f56 SHA256: d0ac77f4c7c1c4a64007f1c59cf668897b490308b8ba956701e127409fed7ad4	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-3bb4b2f2-cd9a31ba95f9.lukitus	28.23 KB (28911 bytes)	MD5: 57e9752de10254dc8fb5ef62a1f56410 SHA1: 42c91cf8722c0480ecfb35f1265a2791911bbe14 SHA256: fb58a6bbd7d1c99b7e253a680143a35ec66bd94b3f15dc1b0756904e57f134a2	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-67a2c15b-ace8513d7dcf.lukitus	24.30 KB (24881 bytes)	MD5: ee6948d23282c4d051ad0d84752b0b56 SHA1: 7b5abaed205e052c48fce640dc3dcb1d10a5fca4 SHA256: 0d64cc3faa9d4c777a382028cf622a067b843d0d8dab9a17780b72071292716a	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-1d8398a0-b0f041bd0889.lukitus	40.43 KB (41398 bytes)	MD5: a3aa6f24770c48403987ef6d3f661a52 SHA1: f561518fee9ccba23ef7a8e607433fb91c522b09 SHA256: d7cae341a5b6bb064dcdcee0df2499049f58daf46bf77a68016ba9559a2b2212	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-26890357-3e98a81805a4.lukitus	8.46 KB (8658 bytes)	MD5: e7f11bfabe783d3b2bd6a97bed38a1e9 SHA1: 0fa8e4ddac14120abf524660207c23f96f96c1c9 SHA256: fb8939676fabc1d3c0bfc48cfaadf45264d2674271df638ff6d9c36ea5e65c51	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-920974ec-cc3ab8381775.lukitus	36.77 KB (37652 bytes)	MD5: 84844a574b55c3fd72c43876e6f7a6ce SHA1: 5fef2beafd23a7727ff7d302fe549303dc9d8375 SHA256: 6597ae1e1846f265808e0a582ff3c728a875265a56d4573175c698fc6849420a	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-2daadf60-e156096da44f.lukitus	53.71 KB (55004 bytes)	MD5: af7bc76a7aeaad2b5e06fb6c590e62df SHA1: 2cc8ab65b2660e4a04eed3b43414a1d4cda9c447 SHA256: e62fc3fe20b9eb1f99e723bc1d4be399b86685f22981769c5a17c9412252c397	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-f0395898-eb4252148408.lukitus	67.79 KB (69416 bytes)	MD5: f971962a5c41b255ea328959a1ea7f39 SHA1: b3ac71960dc96959e40b9cc11da8f90c5f9e9f35 SHA256: 4aa6348f1b51026680973444c6a9babd4e52aacd166577443929910cd2467093	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-7c24ae20-0a25aa91c989.lukitus	78.80 KB (80688 bytes)	MD5: 165538794fdfd0e2328251c7c781a2ab SHA1: ba5fb810268b57d4732ef05396b8b633dda1c839 SHA256: 2a760cfbb662cd8bd56d1d0f19f1fa92693ce12ec2d954de48009ca3fe8eb05f	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-fa254207-48d9bc68f536.lukitus	30.75 KB (31491 bytes)	MD5: 4c31fe3f0361af9550ae36539b089839 SHA1: 26ad476bdcde39d53378e9088319ca10783edd3e SHA256: 90514fd2e74bd19016b4ad07e76f02c78879706943d54ab1d70fb5a9630b62f3	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-3ffd1798-470c2125eab8.lukitus	2.64 KB (2699 bytes)	MD5: 140820055bf5e7d1660cd5bb1aade4e1 SHA1: 7bd54c718a37a7d4f9ae03d117c82ebc41c4cc89 SHA256: 084866ed274468828acc947e3fbfa62af63ce5d84d9dfd8982e6f24e970ec2ac	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-7fc86d39-ef25d3b23399.lukitus	14.50 KB (14848 bytes)	MD5: 50dd1e09cfcc59186ea70aab583a9014 SHA1: ac284339d35535076b2620db326c64c73fc65d40 SHA256: bfb50446c27128c45569228fbe8ee381704ef171af508391dd8d095bc013f464	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-8e846290-5233b81c7d00.lukitus	92.36 KB (94581 bytes)	MD5: 5476591c0489ee38585f8992ca677a86 SHA1: 1c3f5d0b9bbae08814391da2f7880db56aafff34 SHA256: 847bc50b4aa2ab63fd4a335b7e84d5c406cd8a52fed00056797f45a859219f5b	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-f4705dfd-535cf3ef79b9.lukitus	80.08 KB (81997 bytes)	MD5: 1173aaa14bf0f412fcd92b9265e318ca SHA1: dc69d137034ba334da2e48950931ceee9f7bc66b SHA256: 3b14415e4304ecf7e1ac5f8004fa2a8b4ac5ced6423621044551142d0c710a7e	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-e9f295fd-1189f8affe87.lukitus	10.64 KB (10897 bytes)	MD5: d3f520654b53ca913a53cd3a859c1d82 SHA1: 805699c2d6570747117cc26e80f73ef464592e7a SHA256: 5d94a353504c88bf20f4f5e87e613f4886ddceca86d6a45e778b0e8d5ea01c21	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-bcf63bc1-5bbe68e793e7.lukitus	52.70 KB (53967 bytes)	MD5: 7c9c466123107a3796f043f83db191b4 SHA1: 565bab6130419a45e1c17abddf1653012684762c SHA256: 54e7710271568c6e28b7f195071871debaa1586ec807077ea8d1282eda42b6aa	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-6a36d603-50f4deb3e87f.lukitus	70.64 KB (72333 bytes)	MD5: 44071515d6a0fc0c5cd8707c40ee2483 SHA1: 3e0eb2903d9c2be66ac43753987ded0ebdeff7d2 SHA256: a79d934f2434fe5f5c6340a63ac71012f4116a0d3f6ab24612d7643a5de4ceb8	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-952d529b-bd0be8b63751.lukitus	35.25 KB (36098 bytes)	MD5: eaf9f4bca0dd2a177d12c2124c140ed5 SHA1: 76157a8daff8551deb964be3c4f30592930af1c9 SHA256: 26ac8ac44fa8cf45758f3e251ba3b05a221e9c1695d6ba5891949af72b28e654	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-b0bb4df0-6cf812a4840d.lukitus	66.07 KB (67656 bytes)	MD5: 081e4d7f2b3b835e92872d746282d832 SHA1: ca08c720a5a78050824ac3941315a2fb2ff7c042 SHA256: 8800474b7b18b9a417a6602e0d2b8cbf9b65b36194622bc019bacf7e5c8f30d2	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-9bd64c04-ad5d37a21037.lukitus	48.58 KB (49747 bytes)	MD5: 41b1031a19e81a8b286987b988a52a18 SHA1: c2dd09e8573a0c2eb968e03ca3964b047c5fbae9 SHA256: 0f4ee31358899953e6f01fd4401e129c08629cc51ad387f5468ce62dc4d4f42e	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-873ff873-535f0466eff8.lukitus	50.10 KB (51305 bytes)	MD5: 5b2280a98e3651768d842cc12b4f21aa SHA1: 8ac4cc828f3c8d362b6d24b4d2b8ddc6b7afbea9 SHA256: 6285d80b671ce5a93871da7629e3304cf72026c1f241dcced7dcd57d1748a7ce	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-5239650a-9efdef59c32f.lukitus	34.03 KB (34847 bytes)	MD5: 7c7a7952a000f04ce424b1c50f2f5b8b SHA1: d2700f1c08658d04b42cd4f06936bca69c219d92 SHA256: 608e52f6978d52406745c1258d6185eb114452c84510fded24ab15804dd400d8	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-6362e4f3-eaa74f3658b8.lukitus	95.59 KB (97880 bytes)	MD5: 645ecf9fa7463055bc11fde9b517cef6 SHA1: 9682971234bf21b61d9a2b1fd397fc6e48af213b SHA256: 118bcd0d7817703514e9db00f8e3e4f4ae71c160b3110395abe6b321046f4c1d	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-661ee13b-fdfc54f63d1b.lukitus	6.48 KB (6632 bytes)	MD5: ec4f2070501910b59af19537f5be8323 SHA1: 7d63abe1ca6d4cfad0e8c588ebdf8dae91f1b368 SHA256: 1cd36d416e41761b8859721de85ee4a52a098379ba15fe13524d6c466184b91d	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-bf55d3d8-fd0b023dc035.lukitus	2.90 KB (2966 bytes)	MD5: 778c095dd764625ba91cb02a45d8b79b SHA1: f9bd6b2e018bef5da8ff61692557e479508faabb SHA256: 1f8ad422fad46dd52ad19bb2d405328d2ee0dfe994553a6eddcddd7032ec9484	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-0b96a441-a5b4a8d7b326.lukitus	47.13 KB (48265 bytes)	MD5: 38bc4d603488cc1bdf138a94299c719a SHA1: 5d2fade9ae38856a1651e4d9adcd5e1defdf44a8 SHA256: 700f05e8c8782542b907f30658135ca9d809de5993e4fe4f5979d75697cc1f7d	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-f670bb2a-dbb903142dc9.lukitus	82.31 KB (84282 bytes)	MD5: 87422ffe4d179c759661451418dc5c0e SHA1: f7a56f39047837c4d9eb0c17aece9148b38a67f3 SHA256: e3052feddeb687b540cf36fbc2f353a77beac747ef2baf1ec2d2f668116229e4	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-69cd54eb-8041b408a46d.lukitus	30.12 KB (30840 bytes)	MD5: 527a009eada45914230997dbe319f744 SHA1: e9ebe047e60645131442e4999dbbaef4b4d72d55 SHA256: 92ae45e2789eeef9af01d394c7586046d0ba7c18beed3acc081b3647cbb3d8b2	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-25c14b11-af52ace93c08.lukitus	23.71 KB (24282 bytes)	MD5: 28e0fc035da4b2cdf85f74342fcbe79d SHA1: 00aaefd97a6bcce113b08407b97301dfcac679ee SHA256: 95109a28540b2216b4d2491da0b871bca5e9c69407cff7ed2b1ab70618e7fe6a	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-63bebf75-6e4f6b50a466.lukitus	100.03 KB (102432 bytes)	MD5: e79ba289e2d4677465c0b352e8b31a45 SHA1: 7568bfc6ee9542d5d1888dd7b796b4a4741bcb19 SHA256: 12f426255c244da1ef318667f562233e7d52ea34dc614f94561e478ee4346c02	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-cfa9a4ca-c26c379710f3.lukitus	57.95 KB (59337 bytes)	MD5: f8e8da7c94060c384549189ad7e9a85e SHA1: ec519505672ac06ab384dac4a6fa3d955a72f91f SHA256: 978ecbea2eed5472b4a16c113db07aba71c9a29e0aa666052a421690d6dbb5cf	File Actions Show Properties Download
c:\users\aetadzjz\music\qis5lomjg\f56924be-9663-41bb-085a70d2-baef6bf91be0.lukitus	82.21 KB (84182 bytes)	MD5: c04e000a69cf0d784dcfecd3f7572e80 SHA1: 0fdd43461e5afdbf61284b55555a9dcb45f8346b SHA256: 60bc2a7d92061560c6d097fe903729cb8e302c280a84c57a80629fe25b387d0b	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-9fe00690-5be45d83e6b9.lukitus	28.53 KB (29216 bytes)	MD5: 9ca72d4068da96a387e6392bf4241fa3 SHA1: e64d9e73f82986b365da4b34e9e020f7c55571de SHA256: 7cbe132bdec46a9cb394f6c6ca57a84edeaf770d385cecc23b3504fbb01205d5	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-dbcbc906-02de713df07b.lukitus	34.61 KB (35445 bytes)	MD5: 9d8f05c7fa3f17c4c1cb8a150bead52b SHA1: 0ce59d13adeda605423db1c4676a3ad9b022455e SHA256: d4c6a8e910d320d7af494614de77895bdaf2c70deb5de28d1586f764bc72061c	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-c35b48e2-8851b50eb3f0.lukitus	76.13 KB (77957 bytes)	MD5: 6c45ed783a20717bb246b66194afdeb2 SHA1: e464d7ff8e610668d9e25e8f4f458a5fbcf7371a SHA256: 548c23541add5a2533d53033bc25656d8e8d23ddcfca75171dac5503f9057e43	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-a9f24c29-70ce3c53b5ef.lukitus	78.37 KB (80250 bytes)	MD5: e134b68ea240a77b60839677c62b4e80 SHA1: be2d5250b8280fdf5aeb7723c42295520f25ba3a SHA256: 0d157a8c158dc633e4132381d26a851dfb9db3301d63ba3a8999ffee87dceee9	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-fb222ab3-c8884d7041dc.lukitus	22.31 KB (22842 bytes)	MD5: 22b1bef97fb7c8d48bb1c1633447ea72 SHA1: d656b5eee687b4521fd37457595d7a988e9213ea SHA256: 726fba39afe057b9496a033728e6347d3f0f61157cd458d181f1370280da0092	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-1d408981-c958dff9603c.lukitus	39.06 KB (39994 bytes)	MD5: 7dac62939254c5ee724eab8baa666234 SHA1: 53fb6c22d4791e153b049f5879548dee66b270ca SHA256: 3aac024af5b5d6868acc10678110102c9f36bdb38cd84f363ea34d8cec9e2ee7	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-d452c080-ea561ca54681.lukitus	53.37 KB (54651 bytes)	MD5: 259ad629fc43052d44e053a2e4f6255e SHA1: 4d0f3f58225dc39aabed48f172b0660078a81274 SHA256: 0161073e077b6e1a3650501b67100b3b56dcc0ecf28415788b51db269b1a6a01	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-24bb1763-4852852a6d22.lukitus	14.83 KB (15187 bytes)	MD5: 46c91fdcad6cf3fd10fff4f24210f6be SHA1: 683da0f7d3c641dffae4099855ca00be4f031f65 SHA256: 2ead205eec2d739201e209a84c0e6ef8ea608569775cd1341ffd3627c51b98ab	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-db63bf46-1adcd8c466e4.lukitus	100.34 KB (102750 bytes)	MD5: 688abd0ab7bde445363c651a8dddb420 SHA1: 3379dd7340fedc09f4c84c0d711bb6be6d97457d SHA256: 77747dc67090ce03d1c92174ae682dfd794f32c0bdaaf3c63146428d65dcd234	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-a2de357b-0dee598770ce.lukitus	77.40 KB (79253 bytes)	MD5: f1897eb375886c29b3bb58cdeb1e6d59 SHA1: 25bd3908d4b46f172731ab4e9884fcaa8fdcf942 SHA256: c5a30b160b8cb332a7b573504c8b11c21f305d53cd4ff816597219e342e253ea	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-5252dc25-66a07229c2e2.lukitus	35.81 KB (36671 bytes)	MD5: 9a231b3055fda7177f92291c49411a98 SHA1: 348dcceac3d2f6108b89d72f28538b65778566a5 SHA256: fd019c2bad4d8fd4590e3b280677c3ffb39a437803cb306f8fb0a4db9a323b26	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-ec268a58-9f88b8863de1.lukitus	64.24 KB (65782 bytes)	MD5: 8ad153dd6bce94f8d1a84cf049f74600 SHA1: 67346109fc8e0d481ac5e55d0a2ab6a1bbd45e88 SHA256: a418dced3cb9198b0b028347eb57a5042f11d091ae54c507489aca80fe0c286b	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-b8f49f95-f22f2a860953.lukitus	3.42 KB (3507 bytes)	MD5: d1be15064fde393875ec13209434815e SHA1: c8e39e8e1dfe318ef978a3a35458b0f157355fe6 SHA256: a5146ba4fe73ca7a449fe450af91aea7598b9fd41f0d5a25dafb1a28066a6609	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-ae89f080-8d2cf75e7b09.lukitus	6.86 KB (7021 bytes)	MD5: d53b58628cfcb2f92a628f6801094ee1 SHA1: 948e66ce622efb2421c61b1c01a3bd0b8f0e7c32 SHA256: d5708115123be56a4a45f9ae4ac2885abbb1dbe5f6882f992bb1e8517f1dec54	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-1ce0b2c6-914f0c6c68e9.lukitus	84.92 KB (86957 bytes)	MD5: 408a6040b4e2fab164e1d4f4c97ad1a1 SHA1: 9ec4ddb5fb5bcfca0a26e6fa8ab400e255c17d94 SHA256: 2eea8e15ed3234a94f69110e4c946f887ae243104cdb320ee4a296eed8967d93	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-55b2160b-4b57c0d92397.lukitus	26.00 KB (26623 bytes)	MD5: 067252106fb22407c3a59bea275016b7 SHA1: 372ca3f7baa13c1682308609bb577a77949aa08b SHA256: dd0afa1260efa943debb2946d304760b340fa68304afe7f16781d9db1c3312e3	File Actions Show Properties Download
c:\users\aetadzjz\desktop\f56924be-9663-41bb-3fcf7e2a-e81a367bf706.lukitus	83.92 KB (85934 bytes)	MD5: 838bbff7d30530037e60f0db95b1f4b5 SHA1: 8fef3c275f4a6c95844319921adb2ee8d2216f7d SHA256: 56815971ad0ebe4992e1e5660353bb18b40fc53380450f95988559b5167da304	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\f56924be-9663-41bb-51fecb82-ffcd7a7b4612.lukitus	3.26 KB (3341 bytes)	MD5: 5740358983c3e255afe2f3a83be38f45 SHA1: c642ca2aea02126c6dd567f596b235dbd0b065b3 SHA256: 2290a70fe09e2f76ef4c3494a153dc65bb39e5373880b5f2ba8a9d99a5f72843	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\alldt37so 5xcj\f56924be-9663-41bb-b1710be7-dd08c11b7fef.lukitus	27.45 KB (28108 bytes)	MD5: 120f764a0532c59275d1f3d9e1f4069e SHA1: f44f3897b9ab4fca51353df7339b0c53b4198a9b SHA256: ae04d627ac34b01e4e482212de1b7e91248a4b3f6d2da23f3a4eecf9e83b26f1	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-0be52a62-0d79b43742f3.lukitus	66.79 KB (68390 bytes)	MD5: f00c99f41344338948a8770d37d059fa SHA1: c830e67d96a30de8190ef3f3b92d86ac8a9169e4 SHA256: c32462e95e4fec0464d5c6f518cf42b5e69e8b8053dea4974c7adb2cb4eb8abd	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-5915827a-35cc304703c8.lukitus	24.39 KB (24978 bytes)	MD5: 8cb45793aa531604293c54708f0b3572 SHA1: 6324d6e3993c14c1c0f3dbfffa4795fa0ac90355 SHA256: 012aecd1a1d0b90c68671a9de62800bf93fe16fac2748b2f1aaf924f525c0e7e	File Actions Show Properties Download
c:\users\aetadzjz\videos\f56924be-9663-41bb-165e2571-3d1f7bcd1a64.lukitus	85.56 KB (87614 bytes)	MD5: bd747e7eaf7f74d4b53075bb89f51e08 SHA1: 6af46424a520289a176c182cdacc0a39f629c600 SHA256: 82c528ec5ceb79cc7d1f5faa47afe50b515ed58e10f66a54799daf6dbae9ca1e	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-ad0f9d60-fc98f622fdaf.lukitus	14.07 KB (14403 bytes)	MD5: bf928ec856820e18f9d3e4138784ebe2 SHA1: d265ea534b0294cd17499d5bc6338ec0c23fe795 SHA256: 8bfdee965a60673890a36a1c123a5f8ddf928bffd51678cf2e31904aa854b17f	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-5221e3eb-ae9961740b1d.lukitus	41.36 KB (42351 bytes)	MD5: 5603615584c0bb164ef270554131aa20 SHA1: 8a9d37ae3e1e9a12d95d8382f867c3cbacaf56c7 SHA256: 041effeec859e2a328378b17e2519cde46952e126c65c40088a54eb10ef0c829	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-11db606c-975b3b3752b2.lukitus	31.63 KB (32386 bytes)	MD5: 56f1ae52071314f7e34aa5e9b085f64b SHA1: 56ae13bb83b07122399af1e7eed28ca10031a26d SHA256: 34edac547b0627a18549a0eef4f8585c64ccd62861c0378c969b32e1859448e7	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-603c0e3a-fcb2203116a2.lukitus	16.46 KB (16853 bytes)	MD5: 61939f055f45fd1446bd80cd43c3b520 SHA1: 3bcc3c022a132c2acfd4dcccc5ef886b2d846fa0 SHA256: 8e42952087b32c6d5f3cbe47288108c6e16fd493375c4de6b2da2c95a2dc55f6	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-75bcc747-2718c1ed972a.lukitus	90.17 KB (92339 bytes)	MD5: d661c4e7d2f17fe51cf748c5c6106eed SHA1: acfe817e31f4f0a9b404828db8adaef649ce59e6 SHA256: 9049a85acf7fcf2f967094b5975344796952946f516b5af565b1bbe743529da1	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-4b0f12d1-ca564f6cf8e9.lukitus	34.71 KB (35541 bytes)	MD5: 571fe4aeb25b128c01be131af5144649 SHA1: bb1d78aa67aa148cda814ed8502428ce8b18146d SHA256: a27ba12304af4242a75723280f7fe0994884776a017bce38d909a2d79fac60d2	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-67143ce2-1f8f7e2fed94.lukitus	90.62 KB (92792 bytes)	MD5: aa53a594fd9c19a4e7f273a52d4feb81 SHA1: f6290016a5495b73f2255b279e7d735b57531f98 SHA256: 5e1dd59328eb93902adddd3cbe6a347b6ae740639b8cb22d057a6379032bbf72	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-c97e94d5-143f175be5a4.lukitus	84.71 KB (86743 bytes)	MD5: b5ba93e7deef72cbfaae83f2bb8eee05 SHA1: 446e8f6efe27297697efaa26724404e037cd0864 SHA256: 545d7bcd71ecafa39b3f04569e2e22b978293087b176f43ad4b42e08366532d0	File Actions Show Properties Download
c:\users\aetadzjz\videos\4fq0\f56924be-9663-41bb-994d93da-180f73254b26.lukitus	58.90 KB (60312 bytes)	MD5: 54db4bafcc17d1e7225c6cb6eb859f8c SHA1: b943e46ddb39d57d243ba9a9459ce11c4afed928 SHA256: 93acf39189250cffdee9d779d364e4bea2bc59858457ecf0710ce11c8377d83e	File Actions Show Properties Download
c:\users\aetadzjz\videos\f56924be-9663-41bb-e7ce6b36-6ff2a591ca6b.lukitus	53.68 KB (54972 bytes)	MD5: f66d6520380c9349940f6709b3ddf1a1 SHA1: 5708b28b11de725c2c19c968284eca8d9d3212e1 SHA256: ffb5e75f62f1e012d9685cbaf5c0409cd3d4ecd5dbb29b9d4ffc194dc0031103	File Actions Show Properties Download
c:\users\aetadzjz\videos\7 hnkoouqhuupb4wbn\f56924be-9663-41bb-f403e2ba-f520d5a5373d.lukitus	59.92 KB (61356 bytes)	MD5: a8d3c25da4a9dfe1c82502e4b938822a SHA1: bfc59bba3c19965814ea6f4b91b4ab2e17bcc450 SHA256: 8bb20981da5b3d8cf08616fa0121d85f960340c162b667ff2cce872eb660d090	File Actions Show Properties Download
c:\users\aetadzjz\videos\7 hnkoouqhuupb4wbn\f56924be-9663-41bb-6cee6528-76d95b986ef6.lukitus	99.80 KB (102198 bytes)	MD5: b79f218bcd01cb004ea19607b3b166db SHA1: 600da0e928cf1abd7054c4d32356990dc8d2ecef SHA256: 0861d8b594d309f6173f9b6fbe0233586642808d918920bc1c50aaa58309b19f	File Actions Show Properties Download
c:\users\aetadzjz\videos\7 hnkoouqhuupb4wbn\f56924be-9663-41bb-c00efd39-06b140a3fa21.lukitus	18.76 KB (19215 bytes)	MD5: c7b47747946c3556b7518f90c65c2e36 SHA1: 23c412c7b01139a182bd5e63aae60ad2caad00e3 SHA256: 51710ee201327cf74c282bba2ee3f9c94cda50a742b4343d7761059d6345cb66	File Actions Show Properties Download
c:\users\aetadzjz\videos\f56924be-9663-41bb-6295a539-7a67cbeddb7f.lukitus	61.53 KB (63008 bytes)	MD5: 3c27319eb253306db714b17203eca4aa SHA1: 0c369f4de822c4b31ad5ac44ed28cd6c1af5b538 SHA256: 7a408d03b467136cf757e259225c178eae9167bcf0f55c144307d09a239cdd07	File Actions Show Properties Download
c:\users\aetadzjz\videos\gq2odslvtx32ro7-upj\f56924be-9663-41bb-b99ef73a-c9f832abeec4.lukitus	36.31 KB (37184 bytes)	MD5: 699483b18d58231bc9fb17b6a309db2d SHA1: 94fb16af4c4376548de5b21c0e07c85ecdcc8ff4 SHA256: 819d40027e16332a35fcfcdc0e2dc691150b774b733d0bbe8cbf59acd5d3ba95	File Actions Show Properties Download
c:\users\aetadzjz\videos\gq2odslvtx32ro7-upj\f56924be-9663-41bb-65151815-9ca1b64a11e4.lukitus	27.75 KB (28418 bytes)	MD5: cba2f2bf8e9063cce67c432a9bfa59ac SHA1: a837b39f6943b6ee0d3de4cae96a34d5c3388e77 SHA256: 6811020799539ebeeb594ef725f6447157c1837a3e8b5f3369168ce860511062	File Actions Show Properties Download
c:\users\aetadzjz\videos\gq2odslvtx32ro7-upj\f56924be-9663-41bb-3e6508bd-d29b57d1c2ac.lukitus	31.41 KB (32159 bytes)	MD5: fc0528505b83da7f0838afe43951727d SHA1: ce35707989f8e3bbd3637f977e417dde2a5bf444 SHA256: dda28e4837bc4c79dc2e74cc808d1659b9580ed31c066bdaf4b57da6c2891eb0	File Actions Show Properties Download
c:\users\aetadzjz\videos\h0hlik4-okrqwtjckj\f56924be-9663-41bb-d017408c-a1c491103b3c.lukitus	56.32 KB (57675 bytes)	MD5: eb093b328d9293d50baf829d165cbe30 SHA1: 826e1b46ca1566992f40c5b2be6f89613a28fcb6 SHA256: eef94175368709f31f5079f11a6a3450aa4f298ed1eef07f5430c52f3516e28b	File Actions Show Properties Download
c:\users\aetadzjz\videos\h0hlik4-okrqwtjckj\f56924be-9663-41bb-45ed5ae6-c311e03f5420.lukitus	31.45 KB (32207 bytes)	MD5: c4625cf93087a53767363d3f02c9e530 SHA1: 36a42aaf330ce3bad9f9613435a8750b4443fd68 SHA256: 3c813d9ba0c018963546881c63d3dd57c92c4058adf8e9bce799cd89f180cc6d	File Actions Show Properties Download
c:\users\aetadzjz\videos\h0hlik4-okrqwtjckj\f56924be-9663-41bb-5163fd42-2b989a19c670.lukitus	80.21 KB (82139 bytes)	MD5: 80b1947b66ae98de244465a9f5a683a7 SHA1: c9e4e4e810ccedaddce1c5b7eab009c91ecd9194 SHA256: 5da3dcaddc06323cd53344a3fddd697d1b9f2d678f8fec9834aeb347db922b06	File Actions Show Properties Download
c:\users\aetadzjz\videos\h0hlik4-okrqwtjckj\f56924be-9663-41bb-4bd5a65f-19db8aef6518.lukitus	36.09 KB (36959 bytes)	MD5: e32d72bfd844007d427df0c9132e4c22 SHA1: 3dfbc796f87d6cda13dc456ec74df3084a65d774 SHA256: dc2a464f19a3afd37924a1d51cbea7db1b5dbb4f93a45bb1d2a7681e79f80fae	File Actions Show Properties Download
c:\users\aetadzjz\videos\h1uvhzax1oe 6hqdg\f56924be-9663-41bb-09d24d7f-1993d32c1fbe.lukitus	90.54 KB (92713 bytes)	MD5: 9b6731b3f77a395388bc63e30a5911da SHA1: e6c16361560652d8b8dcaac9ab29fb4468266b8f SHA256: 083b26bc2e88cf153d42b6f5089d035b44f0e5a266a474b82736426858c4e08c	File Actions Show Properties Download
c:\users\aetadzjz\videos\h1uvhzax1oe 6hqdg\f56924be-9663-41bb-b340460a-8184fda16b6e.lukitus	42.05 KB (43063 bytes)	MD5: 21f3b01113a99156755c9069aaf01c07 SHA1: 304c3f70532416128806de045683184cc3f76584 SHA256: 018bf8a7fe4c8d8c54590c512b03537b9fd96b621148ef0051993b19fb856025	File Actions Show Properties Download
c:\users\aetadzjz\videos\h1uvhzax1oe 6hqdg\f56924be-9663-41bb-693a5b37-95aafd86e03d.lukitus	67.79 KB (69414 bytes)	MD5: bcbcb1cdbd40ddcae46ab36e8c8518c9 SHA1: 771858b88759f48686c877b9a23c4cd876d018fa SHA256: f2fe751b43659b6210d811d0ecb15a178a3090ce3ba8df5475dbae1785324b0a	File Actions Show Properties Download
c:\users\aetadzjz\videos\h1uvhzax1oe 6hqdg\f56924be-9663-41bb-03b5adaf-240c69733345.lukitus	93.10 KB (95334 bytes)	MD5: c24eadb3953d4066b2adc5acaf6a448b SHA1: 3df74e510303b8f3f7e9df74ab572e42da0b630b SHA256: 64afb51e3699402697d173b45bc1e58a6e49321e06aecece8c01d5c7666760df	File Actions Show Properties Download
c:\users\aetadzjz\videos\h1uvhzax1oe 6hqdg\f56924be-9663-41bb-4a8325c8-d3dd48fe9b0e.lukitus	55.13 KB (56452 bytes)	MD5: 56643e679f0b7a48d1d2400c481d6e67 SHA1: 444ea7793a3b382e60f62b1db8c5822b8413cff9 SHA256: 51f167799570293e6986b0f4a9403ab1753e81c5ad92c246065cd9ee779001c8	File Actions Show Properties Download
c:\users\aetadzjz\videos\f56924be-9663-41bb-8a8002ee-8eaa9e43ea07.lukitus	44.07 KB (45132 bytes)	MD5: 21f75e218d8cebb3151fed997798f097 SHA1: 5bfb09142e763f477f2b43be39d470704d8102e6 SHA256: eb911b9f9ba7e9374dccb891aa3949a9da4b9297cbee558f1dd727e0ee8d91cb	File Actions Show Properties Download
c:\users\aetadzjz\videos\f56924be-9663-41bb-6dbb5e47-dbebe7a5fea3.lukitus	61.15 KB (62617 bytes)	MD5: 62373a720fcb4497f5f0ddadc676f2d6 SHA1: 5b17b9c8821bd43f499f91ca9e1de7b39ce82474 SHA256: 3f30f28a1a8c1abde66e7604dc4d6650da4378af9d25a79743a3e0f9e57bbe21	File Actions Show Properties Download
c:\users\aetadzjz\videos\f56924be-9663-41bb-113d17d0-3236fcfae43f.lukitus	14.20 KB (14537 bytes)	MD5: 6e3921cc546b4007b58cc6228285fa18 SHA1: 6227ac7558249be71b9639fd7165f2a563e1ac98 SHA256: fa60f1a8fcb458396b0b6d35f7f85a57c86f82e15cf74362d0523c5ce534078b	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\dmod_l2_n\f56924be-9663-41bb-451c9042-7acdca4814ef.lukitus	11.83 KB (12110 bytes)	MD5: 65e85a90d35220c43e98c9e6a0d1a457 SHA1: 0af57082feb3df53070ed8d5209d786cebb5bb7a SHA256: a779bacaa948aa5a52fa81cccd0ab569526f7ee26f620f3482d329d7b2b2f3c7	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\f56924be-9663-41bb-d6925dac-48972570b93f.lukitus	15.19 KB (15558 bytes)	MD5: d9f0f7dc3adf14a1f811b408c6d47126 SHA1: 16293d9d722cd6943ee639ac37908c961e10e11b SHA256: 3ee535b5e084b25c0ee1ad3d37bae7b8ddd34addb2b1fbe12899a09a73933905	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\f56924be-9663-41bb-80b53f29-ccf6dcd53775.lukitus	82.41 KB (84388 bytes)	MD5: 646e8e0e0aab24e7ecf0e33f802c943c SHA1: 91428ffa3f3bfd1e3382acc20ac003aefec044bc SHA256: 87799c054f838612a6674db54a58eb518f21e48da61a5289d353c450ec4d4cec	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\hmcn--w\f56924be-9663-41bb-9f971724-7f39278f3e87.lukitus	25.55 KB (26163 bytes)	MD5: d9e667726b2b35a90411d993cc07ebd1 SHA1: 50bf11d477674d1cd6f4ca5297dd5d50e1a7f6f7 SHA256: f770bb0a9edcc9d54123230bcf5bf75dafaae641f33e2b3956e97d749bb657bf	File Actions Show Properties Download
c:\users\aetadzjz\desktop\zzg5e5yf\hmcn--w\f56924be-9663-41bb-5c2ab183-dbfca67372b1.lukitus	6.60 KB (6758 bytes)	MD5: 2f99738b4fc865ea65d4103f47978aab SHA1: 357a466e2ef0b71f9f78bc582005ad89f92e9aa0 SHA256: 7aac1bb4236eea8f1ff7cc8855584a5ee941b3260b6aef2ce1c6c9b497f6d554	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-370a4c85-1f80ae0d9c7a.lukitus	41.24 KB (42234 bytes)	MD5: f6ae64125b4601fced0a37e4350104fc SHA1: 166fac48e9533bf01391c780e2de4ef2508bf79c SHA256: 8c08c19d8810a389585cb5673c40b474e2f7fd74cf72767f214ce2bdcfad13d2	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-b3b4d02e-9e627b39c235.lukitus	71.85 KB (73576 bytes)	MD5: 21d6f837de95e3045a4f9c4ed82093d8 SHA1: ec8e7e4c66b653f98ca39f5daaad1a74e4a3f602 SHA256: 9a8a01a76d6bdef3777edc7996970d3532642cecb8fc0e0c700afee1f74880d4	File Actions Show Properties Download
c:\users\aetadzjz\music\f56924be-9663-41bb-1bb670a3-7ca494bb8764.lukitus	43.04 KB (44073 bytes)	MD5: 07f2114b7ced323965ffa3ec2b8f0138 SHA1: 9b8142e6832b8f2a5c54163a4e120d2c6b8a0885 SHA256: 5d6d7407daff418ee2354c24a23cda65fc5e985be5f61794d4076cafd4714c16	File Actions Show Properties Download
c:\users\public\music\sample music\f56924be-9663-41bb-e7ed6fe8-82778b4cb908.lukitus	8.03 MB (8415285 bytes)	MD5: 709257a80b3b18541487dfa0e6c88ecd SHA1: e89ad8af75f9ba40dd1e4c1d81b97752a4ee235e SHA256: f1cf2919f4318e27423f9e60717b486d6a4a932bd847a2e86128303c0d1dca9e	File Actions Show Properties Download
c:\users\public\music\sample music\f56924be-9663-41bb-fcd298fa-818189779de9.lukitus	3.92 MB (4114710 bytes)	MD5: 5b7b91781670dc88fcb3e6bc97d07058 SHA1: 9d222b8020776d85bdd2a4451193ada595156d22 SHA256: b064f2b116e0fad51b4e71ec9dc7a44a7f0bf0ce4a6cba57d7ff6a9f6dd49096	File Actions Show Properties Download
c:\users\public\music\sample music\f56924be-9663-41bb-adc81ce2-94215817fae5.lukitus	4.62 MB (4843421 bytes)	MD5: b3505969d7586b2762b7efa27a13c4d4 SHA1: 41503f95d7fc58a514dc88939bd065d5623d89b2 SHA256: 1500b64cf32e095d3be75da6db2a120291238ec9e61a4b0cd40acfec890140a3	File Actions Show Properties Download
c:\users\public\videos\sample videos\f56924be-9663-41bb-4b442157-696184c15ed5.lukitus	10.00 MB (10485760 bytes)	MD5: f0aab0fac27ec5381894722b56cfcf1d SHA1: 8fedf2d827c595e483d54c93f5edad64d07a81b2 SHA256: d4c78548aae642cba515ef0ea0dde187e8a9ba95374a5bf1c5dd0da115f5fbd7	File Actions Show Properties Download
c:\users\aetadzjz\contacts\f56924be-9663-41bb-9708d0b4-8ff0aa0a752d.lukitus	1.97 KB (2014 bytes)	MD5: b136ebbd86808f0def58ba9db07b8293 SHA1: 91b7ca75eeae0cb8a25c694f993346cb4a6845eb SHA256: 3f35a29480968a2bff51a10c63c09aa4a37a9acef1187c4de16b012802d39716	File Actions Show Properties Download
c:\programdata\mozilla\logs\f56924be-9663-41bb-8141530e-5b53d2beefeb.lukitus	0.98 KB (1000 bytes)	MD5: 28e3f1ee8d1f89dd67c5cbeb38519b59 SHA1: 9997c51e0da6f8877b561d18349ddd33da33572a SHA256: f4067ce0d6499fe8e49d157758bbc2392f0007ff2505a529622ba3d61e0a5a69	File Actions Show Properties Download
c:\programdata\microsoft\rac\publisheddata\f56924be-9663-41bb-e502c16e-31b2bdf7f726.lukitus	468.82 KB (480068 bytes)	MD5: 4fd473699b4e1a06e46ee3b3d3b49fcb SHA1: b78f6610bfee61249f4d11588c5a1fbb261d24e7 SHA256: 3e65a3ccc624929cc36e5f73078af23289073b124737716b03a5675d405797a3	File Actions Show Properties Download
c:\users\aetadzjz\documents\f56924be-9663-41bb-3e83206b-222a0eae7c38.lukitus	352.82 KB (361284 bytes)	MD5: 000f0ecf36a612c28663beebd117ae15 SHA1: a32a40c1d2818937ebf40053b7ac1baea2cc9443 SHA256: 1c7f13fbe2f8107fabc8d88cf0959fc9327bc7c3adac817203f91a630ee2883a	File Actions Show Properties Download
c:\users\aetadzjz\contacts\f56924be-9663-41bb-75322ebb-be90a9784f44.lukitus	1.96 KB (2008 bytes)	MD5: 482c4a0d2f15c328cfdad3eb83ac896e SHA1: 533578ce5d74c6c59c63374c03571b7a577f3bf1 SHA256: 5410a819c15ea7c8e7e3d2012c684cccf4cc9e15a6a16f68efe60afcfba57a8b	File Actions Show Properties Download
c:\users\aetadzjz\contacts\f56924be-9663-41bb-7bce8b0a-b14ed50b7b3a.lukitus	1.96 KB (2010 bytes)	MD5: 562510b6f31bb8ded7335a656e4322d6 SHA1: b2d406452e805aa230cf72cc8d1299adcf875ffd SHA256: fb89ad7ea3352472d4f1e45e12049ec46907a5dadf7680684cd39022bdb9cb73	File Actions Show Properties Download
c:\users\aetadzjz\contacts\f56924be-9663-41bb-432d0a28-59fa3e7273df.lukitus	1.97 KB (2013 bytes)	MD5: c86b88bbaa105cb200629e054eba49f2 SHA1: 686e61001db4019dcb1686a47b3e44f8e12ed65e SHA256: f3b4c7e3ea7102f2b717ca08384b058c1eed0392592e88d53faff45c2d2cc8af	File Actions Show Properties Download
c:\users\aetadzjz\contacts\f56924be-9663-41bb-e1736bf8-b7b89fce74b3.lukitus	1.96 KB (2007 bytes)	MD5: 1c91b3916354c9c534daff8d7f1158ce SHA1: 35c1cfc74e4c3808e68a5d1beb34304438d9f5d6 SHA256: 9027a85c890092741d89f8e642dd731d112816a1a53497ddb8b6c053dbb1e54d	File Actions Show Properties Download
c:\users\aetadzjz\contacts\f56924be-9663-41bb-b8822c87-6d1307967b76.lukitus	67.60 KB (69218 bytes)	MD5: 0ec7928e304746303c71dc29961aa791 SHA1: 5028d1a5874c2a8c7c5b92d2f391d7bf6779d207 SHA256: 8027ddac200942373f2a5b6668ed49af4ad946086e19ddc6a1323d4c8fe32410	File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\programdata\microsoft\rac\publisheddata\racwmidatabase.sdf	468.00 KB (479232 bytes)	MD5: 80039ca09841855c3ee8ec73cd941036 SHA1: 4480cc705cd39cf26adc2f7cd58561cd92e691fd SHA256: 1515834129378b5fd8759b35c1561ae7413b34d6879c5ad6f10cb9828de77201		File Actions Show Properties Download
c:\programdata\adobe\arm\reader_10.0.0\adobearm.bin	374.33 KB (383312 bytes)	MD5: 8ded640a6e355cadf1df2b462bda48e1 SHA1: f0dbde76b2c3ca0e60ff37ae5eab2204978f420c SHA256: dc155298478f78533c31b2d2093dfb992ed2b2ee957d753a032ef053bcce110d		File Actions Show Properties Download

Host Behavior

File (1538)

Operation	Filename	Additional Information	Count	Logfile
Create	c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\lukitus-2446.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\lukitus-547b.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\~$098073.doc	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\lukitus-b59f.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\098073.doc	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\098073.doc	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-93FF195C-3BB52D679DDB.lukitus	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	c:\Users\aETAdzjz\Desktop\098073.doc	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\GQc8.ots	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\izRfTW.odt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\C5Ehab.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Clg5pDW.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\r1_647.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\czmBJ.docx	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Sun\Java\Java Update\jaureglist.xml	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Sun\Java\Java Update\jaureglist.xml	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Sun\Java\Java Update\F56924BE-9663-41BB-0FD4E971-761D2214F09F.lukitus	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	c:\ProgramData\Sun\Java\Java Update\jaureglist.xml	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Desert.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Koala.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\uoE18q.png	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\dOHwDq.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\j-scGKW u_.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\NzdrgktZ.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\qKMaBu0E4qs17fQHw.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\rhjg7pMy.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\RpIimbK2wdoSlqmx.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\SSm4dCFGv.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\ttLID7ogL6LUJu1L5.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\v6Xlq.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\VDux-7HT2lWMCS_sfY1E.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\wiwYP97gesozht.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\xdiH1Dx3ohQnc.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\qiS5lOMJG\YDlFcD1yCL2Rp7.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\uG775ameeOobeX0HE.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\upnIa15Gc.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\1E2KN90cFWYD.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\aMCimEHovpv.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\DeN-pBWXL-QGo4Re.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\i97TREDet3.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\IIJa.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\l-Vn7zJZk5KM rTdu.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\N0q0_jKdd.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\PQ4Ji1zlt7H.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\PxMz-DaEz.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\q3jafQj919wjB.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\tdJtW4XGAbfx.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\TQO7VlrhrN2iROvxW.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\ulQERW_UXqYGHPV_.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\W-MpCtMmi.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\yv8TpvMdu0.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\4csml7.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\Da3Cs8ioIcfSOE.swf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\59JR3lNu.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\WjX4e.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\2O2msMjE8 v3PZje-.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\25w3DegZoT.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\7nbksoZkyYF4fahzyE.swf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\h wpWI.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\I_LPQZX1r2pOZ.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\mdlkCE 7Mu-OGE29yaZ.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\UETE8.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\UoYsAzDu.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\W6ZB3DB7-xAUK1zZacTk.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\4fq0\z AIP.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\6PLcPv.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ryXtE3BJzHtC.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ueTgIfGdCBC8HX.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\_DXKgbJSQ.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\bRUXQf.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\-SEWASLi_AhMGq.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\Herk5RK.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\WTGYwX_xAAyiysOv.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\9ELHlX71.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\hU-6eYaCn.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\jHPdC0WPi4JYh1.flv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\wKIU.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\BmSmMoZk2gCziPMvpsZ.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\eSi7n7P2AfSI0U.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\G36Xd28j-O.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\ROpsn4ybvdCclm8gHa1.avi	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\Z VwmDF.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\HktBrKL.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\rnbs_ lcM4.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Videos\YDhL-_Oa9J5GrHs.swf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\zmW_Fl42FVSkYv_yq.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\Eq2x ys5Wy ICJP.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\fSOLDrtbCkwq.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\2ZAx.swf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\X1J-XzbtNP4bcL.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\0j6ddd daqyN2jsKY.wav	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\AETaDb8fj.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Music\agMKSA0gka9nzokIE.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Music\Sample Music\Kalimba.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Music\Sample Music\Sleep Away.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\Public\Videos\Sample Videos\Wildlife.wmv	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Contacts\Aclviho ASldjfl.contact	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Mozilla\logs\maintenanceservice-install.log	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Mozilla\logs\maintenanceservice-install.log	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Mozilla\logs\F56924BE-9663-41BB-8141530E-5B53D2BEEFEB.lukitus	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	c:\ProgramData\Mozilla\logs\maintenanceservice-install.log	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Microsoft\RAC\PublishedData\F56924BE-9663-41BB-E502C16E-31B2BDF7F726.lukitus	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
Create	c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Documents\Database1.accdb	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Contacts\sikvnb huvuib.contact	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Contacts\lulcit amkdfe.contact	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Contacts\chucu jadnvk.contact	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Contacts\asdlfk poopvy.contact	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	c:\Users\aETAdzjz\Contacts\Administrator.contact	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_DELETE	1	Fn
Create	C:\Users\aETAdzjz\Desktop\lukitus.htm	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Create	C:\Users\aETAdzjz\Desktop\lukitus.bmp	desired_access = GENERIC_WRITE, GENERIC_READ	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\~$098073.doc	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\098073.doc	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\GQc8.ots	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\izRfTW.odt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\C5Ehab.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Clg5pDW.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\r1_647.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\czmBJ.docx	type = file_attributes	1	Fn
Get Info	c:\ProgramData\Sun\Java\Java Update\jaureglist.xml	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Desert.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Koala.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\uoE18q.png	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\dOHwDq.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\j-scGKW u_.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\NzdrgktZ.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\qKMaBu0E4qs17fQHw.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\rhjg7pMy.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\RpIimbK2wdoSlqmx.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\SSm4dCFGv.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\ttLID7ogL6LUJu1L5.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\v6Xlq.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\VDux-7HT2lWMCS_sfY1E.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\wiwYP97gesozht.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\xdiH1Dx3ohQnc.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\qiS5lOMJG\YDlFcD1yCL2Rp7.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\uG775ameeOobeX0HE.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\upnIa15Gc.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\1E2KN90cFWYD.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\aMCimEHovpv.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\DeN-pBWXL-QGo4Re.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\i97TREDet3.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\IIJa.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\l-Vn7zJZk5KM rTdu.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\N0q0_jKdd.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\PQ4Ji1zlt7H.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\PxMz-DaEz.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\q3jafQj919wjB.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\tdJtW4XGAbfx.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\TQO7VlrhrN2iROvxW.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\ulQERW_UXqYGHPV_.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\W-MpCtMmi.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\yv8TpvMdu0.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\4csml7.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\Da3Cs8ioIcfSOE.swf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\59JR3lNu.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\WjX4e.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\2O2msMjE8 v3PZje-.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\25w3DegZoT.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\7nbksoZkyYF4fahzyE.swf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\h wpWI.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\I_LPQZX1r2pOZ.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\mdlkCE 7Mu-OGE29yaZ.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\UETE8.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\UoYsAzDu.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\W6ZB3DB7-xAUK1zZacTk.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\4fq0\z AIP.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\6PLcPv.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ryXtE3BJzHtC.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ueTgIfGdCBC8HX.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\_DXKgbJSQ.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\bRUXQf.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\-SEWASLi_AhMGq.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\Herk5RK.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\WTGYwX_xAAyiysOv.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\9ELHlX71.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\hU-6eYaCn.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\jHPdC0WPi4JYh1.flv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\wKIU.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\BmSmMoZk2gCziPMvpsZ.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\eSi7n7P2AfSI0U.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\G36Xd28j-O.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\ROpsn4ybvdCclm8gHa1.avi	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\Z VwmDF.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\HktBrKL.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\rnbs_ lcM4.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Videos\YDhL-_Oa9J5GrHs.swf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\zmW_Fl42FVSkYv_yq.mp4	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\Eq2x ys5Wy ICJP.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\fSOLDrtbCkwq.mkv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\2ZAx.swf	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\X1J-XzbtNP4bcL.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\0j6ddd daqyN2jsKY.wav	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\AETaDb8fj.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Music\agMKSA0gka9nzokIE.m4a	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Music\Sample Music\Kalimba.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Music\Sample Music\Sleep Away.mp3	type = file_attributes	1	Fn
Get Info	c:\Users\Public\Videos\Sample Videos\Wildlife.wmv	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Contacts\Aclviho ASldjfl.contact	type = file_attributes	1	Fn
Get Info	c:\ProgramData\Mozilla\logs\maintenanceservice-install.log	type = file_attributes	1	Fn
Get Info	c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	type = file_attributes	1	Fn
Get Info	c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	type = size, size_out = 479232	1	Fn
Get Info	c:\Users\aETAdzjz\Documents\Database1.accdb	type = file_attributes	1	Fn
Get Info	c:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Contacts\sikvnb huvuib.contact	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Contacts\lulcit amkdfe.contact	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Contacts\chucu jadnvk.contact	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Contacts\asdlfk poopvy.contact	type = file_attributes	1	Fn
Get Info	c:\Users\aETAdzjz\Contacts\Administrator.contact	type = file_attributes	1	Fn
Open	STD_INPUT_HANDLE		1	Fn
Open	STD_OUTPUT_HANDLE		1	Fn
Open	STD_ERROR_HANDLE		1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-B1DC6762-4F6CBAB10E0B.lukitus	source_filename = c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1FC77E46-75D0D332D675.lukitus	source_filename = c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-F71E2D7C-1A58C58CDE47.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-68C82DF1-14B4D804BD61.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-49CF61EE-57465675BB4A.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\~$098073.doc, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1E43A153-B4FA5BD13C64.lukitus	source_filename = c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-746C6C5A-DDDAFA9FE1BD.lukitus	source_filename = c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-D050F35D-DF08FE665915.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-6562EF8E-9356A0B9D778.lukitus	source_filename = c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-02DDBB2E-DDA7EEF606E5.lukitus	source_filename = c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\0619171273D7A52EB51EE135D94A8C63.tmp	source_filename = c:\Users\aETAdzjz\Desktop\098073.doc, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-DD1F464E-1D4279836981.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-7CCB072C-C1747AEA88B6.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-6F1F87E1-0611DE322330.lukitus	source_filename = c:\Users\aETAdzjz\Documents\GQc8.ots, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\F56924BE-9663-41BB-93122862-1B3365D6FC4A.lukitus	source_filename = c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7F7DF4F3-FEE5A0F835D8.lukitus	source_filename = c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-42DA6451-74994B3B23EB.lukitus	source_filename = c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-E0725B46-87EAD7FBFED8.lukitus	source_filename = c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-527C0C14-E324030A4A6E.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-526E1A2B-128166908518.lukitus	source_filename = c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-15FBD8AA-4D0A91F58ED4.lukitus	source_filename = c:\Users\aETAdzjz\Documents\izRfTW.odt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-F1FCDEAA-FF7F06504774.lukitus	source_filename = c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1D9844F4-6DCE132FA911.lukitus	source_filename = c:\Users\aETAdzjz\Documents\C5Ehab.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-988E0A99-75C5268FA982.lukitus	source_filename = c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-14D6A72B-E51A5D5DC391.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-65272A78-F5925D3FA2A8.lukitus	source_filename = c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-CE32CC3F-EBE8612BBB20.lukitus	source_filename = c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-CDA913E8-271056AB5827.lukitus	source_filename = c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-BA7682C3-CEEF9FBF020C.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-FDD27FFA-D0B0AF905888.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Outlook Files\F56924BE-9663-41BB-612962EE-CDA06FAA83D1.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-8C112ABD-8E26AA86B08A.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-02ED3F77-9C606D75C05C.lukitus	source_filename = c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-781DE6A6-E5A7705BB692.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7B55CF77-61F436AD3E42.lukitus	source_filename = c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-A771A452-48DD4BA9679E.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-B282F5D6-2A6D69715153.lukitus	source_filename = c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-3A6DB1CA-755757C28FE3.lukitus	source_filename = c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-A9142EC9-2EFEBC30ADE8.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\F56924BE-9663-41BB-D65A438B-83DFABBB8CED.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-BB96571E-96BBD2C0A8B9.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-41FC6DD4-65A22D7F605C.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-6C56A97B-E7E6A4AA125B.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-A60CE289-E55A447535D2.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-21F0CA53-F69E38A75CC4.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-4B69E5A7-F60E62FE4654.lukitus	source_filename = c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-541108F9-2DA524F314C7.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-43743AB0-5B4F9943C7B9.lukitus	source_filename = c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-3F7EEA71-EEAB13681EBA.lukitus	source_filename = c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-44E29957-51107F7F4923.lukitus	source_filename = c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-B70504B4-E9A7156822C1.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-3C30F310-5C6049E3F1C5.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-88736A33-A73FD1B5DB9A.lukitus	source_filename = c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-49600478-A7543DF24F7D.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7B6AFC43-B245CC6E1DD0.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Clg5pDW.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-026B0F52-B0EE23B731C2.lukitus	source_filename = c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-71AD6E57-D734BC0DC073.lukitus	source_filename = c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-7B4E72C9-EC40CC1387F6.lukitus	source_filename = c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-B233076A-F3F69BE0DE98.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-B0D08948-4AFDF1D5A73F.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-E6373D05-052CD23B85B0.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\r1_647.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-0B1192D3-83011F532CB4.lukitus	source_filename = c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-0BD9344F-59E2FD1B8612.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-16AC9B2B-CF64176B99FB.lukitus	source_filename = c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\F56924BE-9663-41BB-6533C1E4-C0738507F428.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-D49BF973-E058168B454F.lukitus	source_filename = c:\Users\aETAdzjz\Documents\czmBJ.docx, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\ProgramData\Sun\Java\Java Update\72B0CBD499699DC37CF7F45B885A2C21.tmp	source_filename = c:\ProgramData\Sun\Java\Java Update\jaureglist.xml, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-13F942E8-48EB76E84F48.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-29A7DC8C-DFC0E8056306.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\Fwkh\F56924BE-9663-41BB-44CE3CD7-AFD504F36697.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-1BCB39FD-C93E3B4C590B.lukitus	source_filename = c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-8EC36E5C-CA39E2CA23E1.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-DB3A9C6C-B4A2996D18E4.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Desert.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-63F06B4D-40748180C2C9.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-2128228C-3EF411E166F1.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-7D28049F-CA2DC98D9072.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-D0039C86-9E680BA77E12.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Koala.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-16DB964B-DDB43481F1DB.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-8EA4D603-5A2874FAE3FC.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-BEA9B2D7-58D4FA770E74.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-34C63D6D-4A50106C55BE.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-6AE0090E-6CDCB46C0311.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-3B2B7F6F-812656DF84C6.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-FA0D154B-245888D727E3.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-85AB3CAB-1A0670314428.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-1753EF9E-5A7F628573FD.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-6EDC54F4-2A6316BC2A6D.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Pictures\Sample Pictures\F56924BE-9663-41BB-AD1CA3C0-3165AB58AF89.lukitus	source_filename = c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-5D8CB0E5-0F44328ECAF2.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-0725FD16-48003B943989.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-21EA5F2C-8701A72F2220.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-5EEEF7E5-307233FEB153.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-105FD1E1-6C6BE53496EA.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-0DCFA9E5-FAF41D841F89.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-4FE46AF0-E6208DFC4337.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\F56924BE-9663-41BB-8EBDCA29-FD38B8601764.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-BFE5064B-970C8F5A0518.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-85A5B08A-605B60B6EBD6.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\uoE18q.png, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\F56924BE-9663-41BB-88881914-B3AE12B46247.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-786F2966-85DD58079D16.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-160875AB-8C16168EF4DD.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-169E6313-C430F979B7E3.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-ED8E90B1-C99EEB3CD344.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\_2aELz\F56924BE-9663-41BB-D8D6A0BE-1EEB096F86F6.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-C18F2589-5C71BF4F3255.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-A5D5084D-DECB3B0C7615.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-A080FC17-79D47057B610.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-1D9631E8-90BF411C2FEE.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-8B683683-04F707D56484.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\97sFY1rz\F56924BE-9663-41BB-ECB96FE5-208908824DC6.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-61116ECA-F6682086BE7A.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-0A72E3E6-09C6BD33AE22.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Pictures\F56924BE-9663-41BB-0F2DB1B7-ADEA5382834B.lukitus	source_filename = c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-97BFBCF8-B516116E07DA.lukitus	source_filename = c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-9D05EF54-2DBBB8A0A892.lukitus	source_filename = c:\Users\aETAdzjz\Music\dOHwDq.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-9260E0D0-755888374530.lukitus	source_filename = c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-753475AC-25E968E13AF6.lukitus	source_filename = c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-3BB4B2F2-CD9A31BA95F9.lukitus	source_filename = c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-67A2C15B-ACE8513D7DCF.lukitus	source_filename = c:\Users\aETAdzjz\Music\j-scGKW u_.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-1D8398A0-B0F041BD0889.lukitus	source_filename = c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-26890357-3E98A81805A4.lukitus	source_filename = c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-920974EC-CC3AB8381775.lukitus	source_filename = c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-2DAADF60-E156096DA44F.lukitus	source_filename = c:\Users\aETAdzjz\Music\NzdrgktZ.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-F0395898-EB4252148408.lukitus	source_filename = c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-7C24AE20-0A25AA91C989.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-FA254207-48D9BC68F536.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-3FFD1798-470C2125EAB8.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-7FC86D39-EF25D3B23399.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-8E846290-5233B81C7D00.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-F4705DFD-535CF3EF79B9.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-E9F295FD-1189F8AFFE87.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-BCF63BC1-5BBE68E793E7.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-6A36D603-50F4DEB3E87F.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-952D529B-BD0BE8B63751.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-B0BB4DF0-6CF812A4840D.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-9BD64C04-AD5D37A21037.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-873FF873-535F0466EFF8.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-5239650A-9EFDEF59C32F.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-6362E4F3-EAA74F3658B8.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\qKMaBu0E4qs17fQHw.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-661EE13B-FDFC54F63D1B.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\rhjg7pMy.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-BF55D3D8-FD0B023DC035.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\RpIimbK2wdoSlqmx.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-0B96A441-A5B4A8D7B326.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\SSm4dCFGv.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-F670BB2A-DBB903142DC9.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\ttLID7ogL6LUJu1L5.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-69CD54EB-8041B408A46D.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\v6Xlq.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-25C14B11-AF52ACE93C08.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\VDux-7HT2lWMCS_sfY1E.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-63BEBF75-6E4F6B50A466.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\wiwYP97gesozht.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-CFA9A4CA-C26C379710F3.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\xdiH1Dx3ohQnc.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\qiS5lOMJG\F56924BE-9663-41BB-085A70D2-BAEF6BF91BE0.lukitus	source_filename = c:\Users\aETAdzjz\Music\qiS5lOMJG\YDlFcD1yCL2Rp7.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-9FE00690-5BE45D83E6B9.lukitus	source_filename = c:\Users\aETAdzjz\Music\uG775ameeOobeX0HE.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-DBCBC906-02DE713DF07B.lukitus	source_filename = c:\Users\aETAdzjz\Music\upnIa15Gc.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-C35B48E2-8851B50EB3F0.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\1E2KN90cFWYD.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-A9F24C29-70CE3C53B5EF.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\aMCimEHovpv.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-FB222AB3-C8884D7041DC.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\DeN-pBWXL-QGo4Re.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-1D408981-C958DFF9603C.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\i97TREDet3.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-D452C080-EA561CA54681.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\IIJa.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-24BB1763-4852852A6D22.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\l-Vn7zJZk5KM rTdu.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-DB63BF46-1ADCD8C466E4.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\N0q0_jKdd.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-A2DE357B-0DEE598770CE.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\PQ4Ji1zlt7H.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-5252DC25-66A07229C2E2.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\PxMz-DaEz.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-EC268A58-9F88B8863DE1.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\q3jafQj919wjB.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-B8F49F95-F22F2A860953.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\tdJtW4XGAbfx.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-AE89F080-8D2CF75E7B09.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\TQO7VlrhrN2iROvxW.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-1CE0B2C6-914F0C6C68E9.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\ulQERW_UXqYGHPV_.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-55B2160B-4B57C0D92397.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\W-MpCtMmi.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-3FCF7E2A-E81A367BF706.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\yv8TpvMdu0.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\F56924BE-9663-41BB-51FECB82-FFCD7A7B4612.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\4csml7.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\F56924BE-9663-41BB-B1710BE7-DD08C11B7FEF.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\Da3Cs8ioIcfSOE.swf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-0BE52A62-0D79B43742F3.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\59JR3lNu.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-5915827A-35CC304703C8.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\WjX4e.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\F56924BE-9663-41BB-165E2571-3D1F7BCD1A64.lukitus	source_filename = c:\Users\aETAdzjz\Videos\2O2msMjE8 v3PZje-.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-AD0F9D60-FC98F622FDAF.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\25w3DegZoT.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-5221E3EB-AE9961740B1D.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\7nbksoZkyYF4fahzyE.swf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-11DB606C-975B3B3752B2.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\h wpWI.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-603C0E3A-FCB2203116A2.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\I_LPQZX1r2pOZ.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-75BCC747-2718C1ED972A.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\mdlkCE 7Mu-OGE29yaZ.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-4B0F12D1-CA564F6CF8E9.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\UETE8.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-67143CE2-1F8F7E2FED94.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\UoYsAzDu.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-C97E94D5-143F175BE5A4.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\W6ZB3DB7-xAUK1zZacTk.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\4fq0\F56924BE-9663-41BB-994D93DA-180F73254B26.lukitus	source_filename = c:\Users\aETAdzjz\Videos\4fq0\z AIP.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\F56924BE-9663-41BB-E7CE6B36-6FF2A591CA6B.lukitus	source_filename = c:\Users\aETAdzjz\Videos\6PLcPv.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\F56924BE-9663-41BB-F403E2BA-F520D5A5373D.lukitus	source_filename = c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ryXtE3BJzHtC.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\F56924BE-9663-41BB-6CEE6528-76D95B986EF6.lukitus	source_filename = c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ueTgIfGdCBC8HX.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\F56924BE-9663-41BB-C00EFD39-06B140A3FA21.lukitus	source_filename = c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\_DXKgbJSQ.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\F56924BE-9663-41BB-6295A539-7A67CBEDDB7F.lukitus	source_filename = c:\Users\aETAdzjz\Videos\bRUXQf.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\F56924BE-9663-41BB-B99EF73A-C9F832ABEEC4.lukitus	source_filename = c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\-SEWASLi_AhMGq.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\F56924BE-9663-41BB-65151815-9CA1B64A11E4.lukitus	source_filename = c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\Herk5RK.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\F56924BE-9663-41BB-3E6508BD-D29B57D1C2AC.lukitus	source_filename = c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\WTGYwX_xAAyiysOv.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\F56924BE-9663-41BB-D017408C-A1C491103B3C.lukitus	source_filename = c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\9ELHlX71.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\F56924BE-9663-41BB-45ED5AE6-C311E03F5420.lukitus	source_filename = c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\hU-6eYaCn.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\F56924BE-9663-41BB-5163FD42-2B989A19C670.lukitus	source_filename = c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\jHPdC0WPi4JYh1.flv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\F56924BE-9663-41BB-4BD5A65F-19DB8AEF6518.lukitus	source_filename = c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\wKIU.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\F56924BE-9663-41BB-09D24D7F-1993D32C1FBE.lukitus	source_filename = c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\BmSmMoZk2gCziPMvpsZ.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\F56924BE-9663-41BB-B340460A-8184FDA16B6E.lukitus	source_filename = c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\eSi7n7P2AfSI0U.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\F56924BE-9663-41BB-693A5B37-95AAFD86E03D.lukitus	source_filename = c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\G36Xd28j-O.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\F56924BE-9663-41BB-03B5ADAF-240C69733345.lukitus	source_filename = c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\ROpsn4ybvdCclm8gHa1.avi, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\F56924BE-9663-41BB-4A8325C8-D3DD48FE9B0E.lukitus	source_filename = c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\Z VwmDF.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\F56924BE-9663-41BB-8A8002EE-8EAA9E43EA07.lukitus	source_filename = c:\Users\aETAdzjz\Videos\HktBrKL.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\F56924BE-9663-41BB-6DBB5E47-DBEBE7A5FEA3.lukitus	source_filename = c:\Users\aETAdzjz\Videos\rnbs_ lcM4.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Videos\F56924BE-9663-41BB-113D17D0-3236FCFAE43F.lukitus	source_filename = c:\Users\aETAdzjz\Videos\YDhL-_Oa9J5GrHs.swf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\F56924BE-9663-41BB-451C9042-7ACDCA4814EF.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\zmW_Fl42FVSkYv_yq.mp4, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\F56924BE-9663-41BB-D6925DAC-48972570B93F.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\Eq2x ys5Wy ICJP.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\F56924BE-9663-41BB-80B53F29-CCF6DCD53775.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\fSOLDrtbCkwq.mkv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\F56924BE-9663-41BB-9F971724-7F39278F3E87.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\2ZAx.swf, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\F56924BE-9663-41BB-5C2AB183-DBFCA67372B1.lukitus	source_filename = c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\X1J-XzbtNP4bcL.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-370A4C85-1F80AE0D9C7A.lukitus	source_filename = c:\Users\aETAdzjz\Music\0j6ddd daqyN2jsKY.wav, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-B3B4D02E-9E627B39C235.lukitus	source_filename = c:\Users\aETAdzjz\Music\AETaDb8fj.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Music\F56924BE-9663-41BB-1BB670A3-7CA494BB8764.lukitus	source_filename = c:\Users\aETAdzjz\Music\agMKSA0gka9nzokIE.m4a, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Music\Sample Music\F56924BE-9663-41BB-E7ED6FE8-82778B4CB908.lukitus	source_filename = c:\Users\Public\Music\Sample Music\Kalimba.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Music\Sample Music\F56924BE-9663-41BB-FCD298FA-818189779DE9.lukitus	source_filename = c:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Music\Sample Music\F56924BE-9663-41BB-ADC81CE2-94215817FAE5.lukitus	source_filename = c:\Users\Public\Music\Sample Music\Sleep Away.mp3, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\Public\Videos\Sample Videos\F56924BE-9663-41BB-4B442157-696184C15ED5.lukitus	source_filename = c:\Users\Public\Videos\Sample Videos\Wildlife.wmv, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Contacts\F56924BE-9663-41BB-9708D0B4-8FF0AA0A752D.lukitus	source_filename = c:\Users\aETAdzjz\Contacts\Aclviho ASldjfl.contact, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\ProgramData\Mozilla\logs\F176919E2FDBB656461BC74C80CF566C.tmp	source_filename = c:\ProgramData\Mozilla\logs\maintenanceservice-install.log, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\ProgramData\Microsoft\RAC\PublishedData\40EEB5158C34DEBD2CB4E1B03CE6FB8A.tmp	source_filename = c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf, flags = MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Documents\F56924BE-9663-41BB-3E83206B-222A0EAE7C38.lukitus	source_filename = c:\Users\aETAdzjz\Documents\Database1.accdb, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\ProgramData\Adobe\ARM\Reader_10.0.0\F56924BE-9663-41BB-D8BE3C5C-B36FD1B73B13.lukitus	source_filename = c:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Contacts\F56924BE-9663-41BB-75322EBB-BE90A9784F44.lukitus	source_filename = c:\Users\aETAdzjz\Contacts\sikvnb huvuib.contact, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Contacts\F56924BE-9663-41BB-7BCE8B0A-B14ED50B7B3A.lukitus	source_filename = c:\Users\aETAdzjz\Contacts\lulcit amkdfe.contact, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Contacts\F56924BE-9663-41BB-432D0A28-59FA3E7273DF.lukitus	source_filename = c:\Users\aETAdzjz\Contacts\chucu jadnvk.contact, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Contacts\F56924BE-9663-41BB-E1736BF8-B7B89FCE74B3.lukitus	source_filename = c:\Users\aETAdzjz\Contacts\asdlfk poopvy.contact, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move	c:\Users\aETAdzjz\Contacts\F56924BE-9663-41BB-B8822C87-6D1307967B76.lukitus	source_filename = c:\Users\aETAdzjz\Contacts\Administrator.contact, flags = MOVEFILE_REPLACE_EXISTING, MOVEFILE_WRITE_THROUGH	1	Fn
Move		source_filename = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, flags = MOVEFILE_DELAY_UNTIL_REBOOT	1	Fn
Read	c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls	size = 82943, size_out = 82943	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx	size = 17514, size_out = 17514	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls	size = 29538, size_out = 29538	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods	size = 69798, size_out = 69798	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\~$098073.doc	size = 162, size_out = 162	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx	size = 59012, size_out = 59012	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx	size = 88548, size_out = 88548	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots	size = 77549, size_out = 77549	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods	size = 6767, size_out = 6767	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx	size = 75709, size_out = 75709	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\098073.doc	size = 49622, size_out = 49622	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt	size = 80763, size_out = 80763	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx	size = 95572, size_out = 95572	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\GQc8.ots	size = 84647, size_out = 84647	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2	size = 6184, size_out = 6184	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp	size = 62576, size_out = 62576	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx	size = 34902, size_out = 34902	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots	size = 88392, size_out = 88392	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt	size = 100286, size_out = 100286	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx	size = 61637, size_out = 61637	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\izRfTW.odt	size = 41542, size_out = 41542	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx	size = 71911, size_out = 71911	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\C5Ehab.pptx	size = 98683, size_out = 98683	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt	size = 56144, size_out = 56144	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt	size = 6876, size_out = 6876	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx	size = 68637, size_out = 68637	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx	size = 80410, size_out = 80410	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx	size = 50853, size_out = 50853	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp	size = 5518, size_out = 5518	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx	size = 54803, size_out = 54803	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst	size = 271360, size_out = 271360	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt	size = 98151, size_out = 98151	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt	size = 13106, size_out = 13106	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots	size = 73520, size_out = 73520	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt	size = 72369, size_out = 72369	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx	size = 92741, size_out = 92741	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods	size = 100583, size_out = 100583	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx	size = 25656, size_out = 25656	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp	size = 84663, size_out = 84663	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls	size = 70388, size_out = 70388	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\iGbKMT66Nt d OO.xls	size = 48289, size_out = 48289	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\OwJVc55xap.xls	size = 92710, size_out = 92710	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\g3uu.odt	size = 42819, size_out = 42819	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\ShV11k3.ots	size = 22653, size_out = 22653	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\td5UFDZoyduoRv-UX.xls	size = 53912, size_out = 53912	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\w138BdKfP5oikOfg f.pptx	size = 14691, size_out = 14691	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\Tl3GVm4MVU0MvXfGYuVU.odp	size = 74661, size_out = 74661	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\WhVF-K7m2h 9Ki2J.xlsx	size = 63863, size_out = 63863	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\p3i2AVU6sbThPuu.rtf	size = 49299, size_out = 49299	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\_wLCg2yNbmoGGi.docx	size = 23858, size_out = 23858	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\Um6ac xaRWrq3ZwHex.pps	size = 11101, size_out = 11101	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\ehbu75um3wvro9aSR.pps	size = 102358, size_out = 102358	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\fc7shkFFqXcMBE_pu.docx	size = 77434, size_out = 77434	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\k5jcwCH7962.rtf	size = 39725, size_out = 39725	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Clg5pDW.docx	size = 20217, size_out = 20217	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\cqM03WsMqvf.rtf	size = 25565, size_out = 25565	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\jrZUr62deGwb.docx	size = 55804, size_out = 55804	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\m5XXH25oGduC2.rtf	size = 60562, size_out = 60562	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\1G6BTt0rvWc.rtf	size = 57579, size_out = 57579	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\CCwA9ID7MwdTmr.rtf	size = 46398, size_out = 46398	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\r1_647.docx	size = 55234, size_out = 55234	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\TrbkUrGWd.docx	size = 99570, size_out = 99570	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\XMZB_eGDIWAF.pps	size = 37106, size_out = 37106	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\VygBeG2O_CoUDZ0ri-y.docx	size = 85140, size_out = 85140	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\f2t Xh6k.pps	size = 94902, size_out = 94902	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\czmBJ.docx	size = 34730, size_out = 34730	1	Fn Data
Read	c:\ProgramData\Sun\Java\Java Update\jaureglist.xml	size = 119, size_out = 119	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\2hVBnJTXBLe0.csv	size = 15666, size_out = 15666	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\8KgurcPGpDs5t.csv	size = 14414, size_out = 14414	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\Fwkh\Af6epVD_ptV-.csv	size = 46593, size_out = 46593	1	Fn Data
Read	c:\Users\aETAdzjz\Documents\uzQVRf8Ab6Zlxci59iY5.csv	size = 74950, size_out = 74950	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\qFSpDSqJ5ckg.jpg	size = 21951, size_out = 21951	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Desert.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Desert.jpg	size = 321653, size_out = 321653	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg	size = 70996, size_out = 70996	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg	size = 251414, size_out = 251414	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\bJIMR_DP-n.jpg	size = 68399, size_out = 68399	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Koala.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Koala.jpg	size = 256543, size_out = 256543	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\9A8DdJheRUIQ_Ny.jpg	size = 99055, size_out = 99055	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg	size = 36988, size_out = 36988	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Penguins.jpg	size = 253547, size_out = 253547	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\97sFY1rz\NHG0O.jpg	size = 1600, size_out = 1600	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\AT4EGhpKo4u.jpg	size = 15393, size_out = 15393	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\i2NYxg2uc_Xdiq4.jpg	size = 67072, size_out = 67072	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\_2aELz\st1os2.jpg	size = 64252, size_out = 64252	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Tulips.jpg	size = 96600, size_out = 96600	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\_2aELz\6fTf.jpg	size = 24454, size_out = 24454	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\_2aELz\L5Wat-o9ZxSO52M2hy_.jpg	size = 82981, size_out = 82981	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	size = 524288, size_out = 524288	1	Fn Data
Read	c:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg	size = 355106, size_out = 355106	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\OZhWRjVb5.gif	size = 88452, size_out = 88452	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\mk3Q8l7gVRDjyXXB.bmp	size = 90257, size_out = 90257	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\fgtu.bmp	size = 98092, size_out = 98092	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\aci3.png	size = 100902, size_out = 100902	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\COLwLh6JcRBU0.bmp	size = 68668, size_out = 68668	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\lvLOYOhTcvvr3 yEH.gif	size = 59571, size_out = 59571	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\gXdxZsT0C5_j5.bmp	size = 57837, size_out = 57837	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\f3vo8D7NyvoaKcAkRsY.gif	size = 86862, size_out = 86862	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\6SCeJgmwXwG2GjK0Jp.gif	size = 15539, size_out = 15539	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\uoE18q.png	size = 71370, size_out = 71370	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\8lYa8AgxgSi0\tClzdjxzFnQ5k.gif	size = 11216, size_out = 11216	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\6UEh0WGr8W.bmp	size = 71496, size_out = 71496	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\_2aELz\8umgBK9 _uxC-P0clK.bmp	size = 34625, size_out = 34625	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\_2aELz\kMVEz0TO.bmp	size = 94889, size_out = 94889	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\97sFY1rz\CS rWU_9qBGaWWl2CS.png	size = 30262, size_out = 30262	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\_2aELz\Ou8E5Tf1Sws.bmp	size = 77703, size_out = 77703	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\Mx7rpkHkHEU4LD.png	size = 55731, size_out = 55731	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\97sFY1rz\LSk3e_y_Z.png	size = 35006, size_out = 35006	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\7EK45zr96-R7KlQSQB5.gif	size = 34256, size_out = 34256	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\97sFY1rz\ogZmmq5hx8.gif	size = 38895, size_out = 38895	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\97sFY1rz\QsiOxSCE.gif	size = 8996, size_out = 8996	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\97sFY1rz\Y_FO-Az1Ng2.gif	size = 63351, size_out = 63351	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\AHEE1OIJ1w.gif	size = 23999, size_out = 23999	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\0_64JkgHfEkBiBb6l.gif	size = 77109, size_out = 77109	1	Fn Data
Read	c:\Users\aETAdzjz\Pictures\WB2Drlh.bmp	size = 2784, size_out = 2784	1	Fn Data
Read	c:\Users\aETAdzjz\Music\C-DDFnNneMnC3LawF.wav	size = 61835, size_out = 61835	1	Fn Data
Read	c:\Users\aETAdzjz\Music\dOHwDq.wav	size = 65814, size_out = 65814	1	Fn Data
Read	c:\Users\aETAdzjz\Music\F8hMF6kNB.m4a	size = 62682, size_out = 62682	1	Fn Data
Read	c:\Users\aETAdzjz\Music\FrPnIN5nkI.mp3	size = 17231, size_out = 17231	1	Fn Data
Read	c:\Users\aETAdzjz\Music\IUVwA7Tr1T_-Isj.mp3	size = 28075, size_out = 28075	1	Fn Data
Read	c:\Users\aETAdzjz\Music\j-scGKW u_.wav	size = 24045, size_out = 24045	1	Fn Data
Read	c:\Users\aETAdzjz\Music\LAk9JPgeyPGa1dIfJP.wav	size = 40562, size_out = 40562	1	Fn Data
Read	c:\Users\aETAdzjz\Music\LisXqkX_EZX.m4a	size = 7822, size_out = 7822	1	Fn Data
Read	c:\Users\aETAdzjz\Music\nk-ypDwqGFeK9N.mp3	size = 36816, size_out = 36816	1	Fn Data
Read	c:\Users\aETAdzjz\Music\NzdrgktZ.mp3	size = 54168, size_out = 54168	1	Fn Data
Read	c:\Users\aETAdzjz\Music\NzYBBJl9pba5h.mp3	size = 68580, size_out = 68580	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\28a7m.mp3	size = 79852, size_out = 79852	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\5a CD.wav	size = 30655, size_out = 30655	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\68_-mk gLP.m4a	size = 1863, size_out = 1863	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\7w7S_UlISa3.m4a	size = 14012, size_out = 14012	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\BpH_tgEJy5Xpr.mp3	size = 93745, size_out = 93745	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\CcdGKWAWrhI8xFJ.m4a	size = 81161, size_out = 81161	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\dsXG2.wav	size = 10061, size_out = 10061	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\e0ajYWavTiTc8vxhoYhm.m4a	size = 53131, size_out = 53131	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\epFY_vnRuzs.m4a	size = 71497, size_out = 71497	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\F4ENR-Pu8LXCQZh7xOQc.wav	size = 35262, size_out = 35262	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\JinnQGZRvm31pijVuxNA.mp3	size = 66820, size_out = 66820	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\jYupwHhYlEf.mp3	size = 48911, size_out = 48911	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\k9Ct.wav	size = 50469, size_out = 50469	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\PgYW nGFmTuPUNXUwq.m4a	size = 34011, size_out = 34011	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\qKMaBu0E4qs17fQHw.wav	size = 97044, size_out = 97044	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\rhjg7pMy.wav	size = 5796, size_out = 5796	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\RpIimbK2wdoSlqmx.m4a	size = 2130, size_out = 2130	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\SSm4dCFGv.mp3	size = 47429, size_out = 47429	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\ttLID7ogL6LUJu1L5.mp3	size = 83446, size_out = 83446	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\v6Xlq.mp3	size = 30004, size_out = 30004	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\VDux-7HT2lWMCS_sfY1E.mp3	size = 23446, size_out = 23446	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\wiwYP97gesozht.wav	size = 101596, size_out = 101596	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\xdiH1Dx3ohQnc.mp3	size = 58501, size_out = 58501	1	Fn Data
Read	c:\Users\aETAdzjz\Music\qiS5lOMJG\YDlFcD1yCL2Rp7.wav	size = 83346, size_out = 83346	1	Fn Data
Read	c:\Users\aETAdzjz\Music\uG775ameeOobeX0HE.wav	size = 28380, size_out = 28380	1	Fn Data
Read	c:\Users\aETAdzjz\Music\upnIa15Gc.wav	size = 34609, size_out = 34609	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\1E2KN90cFWYD.mp3	size = 77121, size_out = 77121	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\aMCimEHovpv.wav	size = 79414, size_out = 79414	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\DeN-pBWXL-QGo4Re.flv	size = 22006, size_out = 22006	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\i97TREDet3.mp3	size = 39158, size_out = 39158	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\IIJa.m4a	size = 53815, size_out = 53815	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\l-Vn7zJZk5KM rTdu.mp4	size = 14351, size_out = 14351	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\N0q0_jKdd.m4a	size = 101914, size_out = 101914	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\PQ4Ji1zlt7H.avi	size = 78417, size_out = 78417	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\PxMz-DaEz.mkv	size = 35835, size_out = 35835	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\q3jafQj919wjB.wav	size = 64946, size_out = 64946	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\tdJtW4XGAbfx.mp3	size = 2671, size_out = 2671	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\TQO7VlrhrN2iROvxW.mp3	size = 6185, size_out = 6185	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\ulQERW_UXqYGHPV_.mp4	size = 86121, size_out = 86121	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\W-MpCtMmi.wav	size = 25787, size_out = 25787	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\yv8TpvMdu0.mp3	size = 85098, size_out = 85098	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\4csml7.mp3	size = 2505, size_out = 2505	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\Da3Cs8ioIcfSOE.swf	size = 27272, size_out = 27272	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\59JR3lNu.m4a	size = 67554, size_out = 67554	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\WjX4e.m4a	size = 24142, size_out = 24142	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\2O2msMjE8 v3PZje-.flv	size = 86778, size_out = 86778	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\25w3DegZoT.mp4	size = 13567, size_out = 13567	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\7nbksoZkyYF4fahzyE.swf	size = 41515, size_out = 41515	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\h wpWI.flv	size = 31550, size_out = 31550	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\I_LPQZX1r2pOZ.mkv	size = 16017, size_out = 16017	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\mdlkCE 7Mu-OGE29yaZ.avi	size = 91503, size_out = 91503	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\UETE8.mkv	size = 34705, size_out = 34705	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\UoYsAzDu.mp4	size = 91956, size_out = 91956	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\W6ZB3DB7-xAUK1zZacTk.flv	size = 85907, size_out = 85907	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\4fq0\z AIP.mkv	size = 59476, size_out = 59476	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\6PLcPv.avi	size = 54136, size_out = 54136	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ryXtE3BJzHtC.mkv	size = 60520, size_out = 60520	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\ueTgIfGdCBC8HX.mkv	size = 101362, size_out = 101362	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\7 hNkoOuqhuUPb4WBN\_DXKgbJSQ.avi	size = 18379, size_out = 18379	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\bRUXQf.mp4	size = 62172, size_out = 62172	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\-SEWASLi_AhMGq.flv	size = 36348, size_out = 36348	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\Herk5RK.avi	size = 27582, size_out = 27582	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\gq2odSlVTX32RO7-UPJ\WTGYwX_xAAyiysOv.mp4	size = 31323, size_out = 31323	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\9ELHlX71.mp4	size = 56839, size_out = 56839	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\hU-6eYaCn.flv	size = 31371, size_out = 31371	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\jHPdC0WPi4JYh1.flv	size = 81303, size_out = 81303	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\h0HlIK4-OKRqwTJCKj\wKIU.mkv	size = 36123, size_out = 36123	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\BmSmMoZk2gCziPMvpsZ.avi	size = 91877, size_out = 91877	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\eSi7n7P2AfSI0U.mkv	size = 42227, size_out = 42227	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\G36Xd28j-O.mp4	size = 68578, size_out = 68578	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\ROpsn4ybvdCclm8gHa1.avi	size = 94498, size_out = 94498	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\H1UVhZaX1OE 6HQDG\Z VwmDF.mp4	size = 55616, size_out = 55616	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\HktBrKL.mp4	size = 44296, size_out = 44296	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\rnbs_ lcM4.mkv	size = 61781, size_out = 61781	1	Fn Data
Read	c:\Users\aETAdzjz\Videos\YDhL-_Oa9J5GrHs.swf	size = 13701, size_out = 13701	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\dMOD_L2_N\zmW_Fl42FVSkYv_yq.mp4	size = 11274, size_out = 11274	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\Eq2x ys5Wy ICJP.m4a	size = 14722, size_out = 14722	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\fSOLDrtbCkwq.mkv	size = 83552, size_out = 83552	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\2ZAx.swf	size = 25327, size_out = 25327	1	Fn Data
Read	c:\Users\aETAdzjz\Desktop\zZG5e5YF\HmCN--W\X1J-XzbtNP4bcL.mp3	size = 5922, size_out = 5922	1	Fn Data
Read	c:\Users\aETAdzjz\Music\0j6ddd daqyN2jsKY.wav	size = 41398, size_out = 41398	1	Fn Data
Read	c:\Users\aETAdzjz\Music\AETaDb8fj.m4a	size = 72740, size_out = 72740	1	Fn Data
Read	c:\Users\aETAdzjz\Music\agMKSA0gka9nzokIE.m4a	size = 43237, size_out = 43237	1	Fn Data
Read	c:\Users\Public\Music\Sample Music\Kalimba.mp3	size = 524288, size_out = 524288	16	Fn Data
Read	c:\Users\Public\Music\Sample Music\Kalimba.mp3	size = 25841, size_out = 25841	1	Fn Data
Read	c:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	size = 524288, size_out = 524288	7	Fn Data
Read	c:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3	size = 443858, size_out = 443858	1	Fn Data
Read	c:\Users\Public\Music\Sample Music\Sleep Away.mp3	size = 524288, size_out = 524288	9	Fn Data
Read	c:\Users\Public\Music\Sample Music\Sleep Away.mp3	size = 123993, size_out = 123993	1	Fn Data
Read	c:\Users\Public\Videos\Sample Videos\Wildlife.wmv	size = 524288, size_out = 524288	50	Fn Data
Read	c:\Users\Public\Videos\Sample Videos\Wildlife.wmv	size = 31626, size_out = 31626	1	Fn
Read	c:\Users\aETAdzjz\Contacts\Aclviho ASldjfl.contact	size = 1178, size_out = 1178	1	Fn
Read	c:\ProgramData\Mozilla\logs\maintenanceservice-install.log	size = 164, size_out = 164	1	Fn
Read	c:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf	size = 479232, size_out = 479232	1	Fn
Read	c:\Users\aETAdzjz\Documents\Database1.accdb	size = 360448, size_out = 360448	1	Fn
Read	c:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin	size = 382476, size_out = 382476	1	Fn
Read	c:\Users\aETAdzjz\Contacts\sikvnb huvuib.contact	size = 1172, size_out = 1172	1	Fn
Read	c:\Users\aETAdzjz\Contacts\lulcit amkdfe.contact	size = 1174, size_out = 1174	1	Fn
Read	c:\Users\aETAdzjz\Contacts\chucu jadnvk.contact	size = 1177, size_out = 1177	1	Fn
Read	c:\Users\aETAdzjz\Contacts\asdlfk poopvy.contact	size = 1171, size_out = 1171	1	Fn
Read	c:\Users\aETAdzjz\Contacts\Administrator.contact	size = 68382, size_out = 68382	1	Fn
Write	c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls	size = 82943	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\1C8jivFwqY_v.xls	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\lukitus-2446.htm	size = 8874	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx	size = 17514	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\ZgsodtON.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls	size = 29538	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\uv7fKGVoQ2Jb7.xls	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\lukitus-547b.htm	size = 8874	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods	size = 69798	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\_BYbdV.ods	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\~$098073.doc	size = 162	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\~$098073.doc	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\lukitus-b59f.htm	size = 8874	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx	size = 59012	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\0xY2zyvX Zz5I6TOq4m.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx	size = 88548	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\0YmBkUpDTKvL.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots	size = 77549	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\_n9i7UNGQlTHEkQ9n65.ots	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods	size = 6767	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\6 EzXVOVC4Mq.ods	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx	size = 75709	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\86HHW2XyBUJyZf.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-93FF195C-3BB52D679DDB.lukitus	size = 49622	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\F56924BE-9663-41BB-93FF195C-3BB52D679DDB.lukitus	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt	size = 80763	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\0CA4J37R3gLfIG x-yY.odt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx	size = 95572	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\0Q64daekSd8g.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\GQc8.ots	size = 84647	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\GQc8.ots	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2	size = 6184	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp	size = 62576	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\A4tJ-zen y.odp	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx	size = 34902	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\gxamJ-HMXiK0nNB-ChDC.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots	size = 88392	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\AofloKRSx6EqvwHf tV.ots	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt	size = 100286	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\D8nCf-5QuttckP.odt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx	size = 61637	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\H 34byGorwd3.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\izRfTW.odt	size = 41542	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\izRfTW.odt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx	size = 71911	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\bwXEB4I4JkSNwm.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\C5Ehab.pptx	size = 98683	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\C5Ehab.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt	size = 56144	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\fsb9bUgRCgwl4dnWSx.odt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt	size = 6876	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\MDETt7XI.ppt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx	size = 68637	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\MB-yqTrORXhMOe.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx	size = 80410	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\nNYiB9XHa kx1Nj0TSz.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx	size = 50853	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\numLCBTSa6GhcpDwzxf.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp	size = 5518	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\-v4o9DqP.odp	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx	size = 54803	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\2T-3O.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst	size = 271360	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt	size = 98151	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Fwkh\e3jdD AhhDmJ.ppt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt	size = 13106	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\pHA-WtfIuB3x.ppt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots	size = 73520	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\VevSo7gmHU.ots	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt	size = 72369	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\RaGQtsBU4.odt	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx	size = 92741	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\Ys7hE_EPaSvOAKC.xlsx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods	size = 100583	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\RCuamB3hI8kb2INA.ods	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx	size = 25656	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\rXZZKm4g6OK9.pptx	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp	size = 84663	1	Fn Data
Write	c:\Users\aETAdzjz\Documents\Te2yCCyBh24.odp	size = 836	1	Fn Data
Write	c:\Users\aETAdzjz\Desktop\zZG5e5YF\aLldt37So 5xCJ\mUJ7Tow.xls	size = 70388	1	Fn Data
For performance reasons, the remaining 382 entries are omitted. The remaining entries can be found in glog.xml.

Registry (3)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Control Panel\Desktop		1	Fn
Write Value	HKEY_CURRENT_USER\Control Panel\Desktop	value_name = WallpaperStyle, data = 0, size = 2, type = REG_SZ	1	Fn
Write Value	HKEY_CURRENT_USER\Control Panel\Desktop	value_name = TileWallpaper, data = 0, size = 2, type = REG_SZ	1	Fn

Process (3)

Operation	Process	Additional Information	Count	Logfile
Create	C:\Users\aETAdzjz\Desktop\lukitus.htm	show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Users\aETAdzjz\Desktop\lukitus.bmp	show_window = SW_SHOWNORMAL	1	Fn
Create	cmd.exe /C del /Q /F "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe"	os_pid = 0x7b0, creation_flags = CREATE_NEW_CONSOLE, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE	1	Fn

Module (229)

Operation	Module	Additional Information	Count	Logfile
Load	eappgnui.dll	base_address = 0x74ab0000	1	Fn
Load	gfppgnui.dll	base_address = 0x0	1	Fn
Load	MPR.dll	base_address = 0x74a90000	1	Fn
Load	WININET.dll	base_address = 0x75ba0000	1	Fn
Load	NETAPI32.dll	base_address = 0x74a70000	1	Fn
Load	vssapi.dll	base_address = 0x743d0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x751d0000	7	Fn
Get Handle	c:\windows\syswow64\advapi32.dll	base_address = 0x76f10000	1	Fn
Get Handle	MPR.dll	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\shell32.dll	base_address = 0x75cf0000	1	Fn
Get Handle	WININET.dll	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\gdi32.dll	base_address = 0x76b20000	1	Fn
Get Handle	c:\windows\syswow64\user32.dll	base_address = 0x76e10000	1	Fn
Get Handle	c:\windows\syswow64\ole32.dll	base_address = 0x74f70000	1	Fn
Get Handle	NETAPI32.dll	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\urlmon.dll	base_address = 0x753b0000	1	Fn
Get Handle	c:\windows\syswow64\oleaut32.dll	base_address = 0x75520000	1	Fn
Get Handle	c:\users\aetadzjz\appdata\local\temp\agraba8.exe	base_address = 0x400000	2	Fn
Get Filename	NETAPI32.dll	process_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, size = 260	1	Fn
Get Filename	NETAPI32.dll	process_name = c:\users\aetadzjz\appdata\local\temp\agraba8.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe, size = 520	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteProcessMemory, address_out = 0x751fd9e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapCreate, address_out = 0x751e4a2d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x773de026	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x751e14c9	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x751e110c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x751e1136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x751e192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x751e170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoA, address_out = 0x751fd5e5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTempFileNameW, address_out = 0x7520d1b6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVolumeNameForVolumeMountPointA, address_out = 0x7526b71d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetWindowsDirectoryA, address_out = 0x75202b0a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x751e103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x751e4435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x751e1809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x751e4442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeviceIoControl, address_out = 0x751e322f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x773d2270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x773d22b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x773e45f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSection, address_out = 0x773e2c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x751e5371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeW, address_out = 0x751e418b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVolumeInformationW, address_out = 0x751fc860	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDiskFreeSpaceExW, address_out = 0x751fd50f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x751e54ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x751e34d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x751e2d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventA, address_out = 0x751e328c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTempPathW, address_out = 0x751fd4dc	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x751e4950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x751e7a10	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindAtomA, address_out = 0x751fede4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFindAtomA, address_out = 0x7520d358	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAddAtomA, address_out = 0x75200526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AddAtomA, address_out = 0x751fed6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x751e3519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultUILanguage, address_out = 0x751e44ab	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MulDiv, address_out = 0x751e1b80	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenMutexA, address_out = 0x751fec6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadPriority, address_out = 0x751e32bb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x751e17ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x7520830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLangID, address_out = 0x751fd5fd	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDefaultLangID, address_out = 0x7520d346	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x751e87c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x751e1b00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x751e1410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x751e3ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x751e1282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x751e469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x751e59e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x751e17d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileTime, address_out = 0x751fecbb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x751e3f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x751e89b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileExW, address_out = 0x751f9b2d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x751e3509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x751e5a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x751e492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x773f1f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x751e11f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x751e1725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x751e3531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x751e1916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetHandleCount, address_out = 0x751ecb29	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x751e51e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x751e51cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x751e14b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualQuery, address_out = 0x751e445a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x751e1946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x751e17b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileAttributesW, address_out = 0x751fd4f7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileAttributesExW, address_out = 0x751e4574	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x751e34c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x751e49d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedDecrement, address_out = 0x751e13f0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x751e10ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x751e11c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x751e5063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x751e186e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x751e1222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleA, address_out = 0x751e1245	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x751e1856	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x751e51b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x751fd802	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x751e4a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x7520772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x751e4493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x7520d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x751e179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x751e5189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x773e3002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x751e1450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x751e11a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x751e34b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InterlockedIncrement, address_out = 0x751e1400	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x751e3587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x751e14fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x751e11e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x751e49ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x751e5235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x751e4d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSetInformation, address_out = 0x751e5651	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x751e51a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x751e58a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x7520d1c3	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x76f3779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGenRandom, address_out = 0x76f1dfc8	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x76f1e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = AllocateAndInitializeSid, address_out = 0x76f240e6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SetEntriesInAclA, address_out = 0x76f615e9	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = InitializeSecurityDescriptor, address_out = 0x76f24620	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SetSecurityDescriptorDacl, address_out = 0x76f2415e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = FreeSid, address_out = 0x76f2412e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x76f1c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextA, address_out = 0x76f191dd	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegDeleteValueA, address_out = 0x76f3a4ea	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x76f214d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExA, address_out = 0x76f214b3	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = AccessCheck, address_out = 0x76f1ca3c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = MapGenericMask, address_out = 0x76f37a73	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = DuplicateToken, address_out = 0x76f1c7e6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenThreadToken, address_out = 0x76f2432c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetFileSecurityW, address_out = 0x76f1a94d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetKeyParam, address_out = 0x76f377cb	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptSetHashParam, address_out = 0x76f53248	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x76f1df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x76f1df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x76f1df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x76f1df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SetTokenInformation, address_out = 0x76f19a92	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenProcessToken, address_out = 0x76f24304	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = EqualSid, address_out = 0x76f2410b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetTokenInformation, address_out = 0x76f2431c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x76f2469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExA, address_out = 0x76f24907	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyKey, address_out = 0x76f1c51a	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74a92dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetAddConnection2W, address_out = 0x74a94744	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74a92f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74a93058	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteW, address_out = 0x75d03c71	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x75d75708	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCrackUrlA, address_out = 0x75bad075	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x75bbab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetSetOptionA, address_out = 0x75bb75e8	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetQueryOptionA, address_out = 0x75bb1b56	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x75bcf18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetConnectA, address_out = 0x75bc49e9	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpOpenRequestA, address_out = 0x75bc4c7d	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpSendRequestA, address_out = 0x75c318f8	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpSendRequestExA, address_out = 0x75c31812	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpEndRequestA, address_out = 0x75bd45ea	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoA, address_out = 0x75bba33e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x75bbb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetWriteFile, address_out = 0x75bd46da	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpAddRequestHeadersA, address_out = 0x75bbdcd2	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = SetBkMode, address_out = 0x76b351a2	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = GetDeviceCaps, address_out = 0x76b34de0	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = SetTextColor, address_out = 0x76b3522d	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = GetDIBits, address_out = 0x76b36001	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = SelectObject, address_out = 0x76b34f70	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = CreateCompatibleDC, address_out = 0x76b354f4	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = DeleteDC, address_out = 0x76b358b3	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = CreateFontA, address_out = 0x76b3d0e8	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = CreateSolidBrush, address_out = 0x76b34f17	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = GetObjectA, address_out = 0x76b385d4	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = DeleteObject, address_out = 0x76b35689	1	Fn
Get Address	c:\windows\syswow64\gdi32.dll	function = CreateCompatibleBitmap, address_out = 0x76b35f49	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetDC, address_out = 0x76e272c4	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ReleaseDC, address_out = 0x76e27446	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DrawTextW, address_out = 0x76e325cf	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = FillRect, address_out = 0x76e30eb6	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetSystemMetrics, address_out = 0x76e27d2f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SystemParametersInfoW, address_out = 0x76e290d3	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = FrameRect, address_out = 0x76e3899d	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x74fb86d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x74fb9d0b	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x74f97259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeEx, address_out = 0x74fb09ad	1	Fn
Get Address	c:\windows\syswow64\netapi32.dll	function = DsRoleGetPrimaryDomainInformation, address_out = 0x74a31f3d	1	Fn
Get Address	c:\windows\syswow64\netapi32.dll	function = DsRoleFreeMemory, address_out = 0x74a319a9	1	Fn
Get Address	c:\windows\syswow64\urlmon.dll	function = ObtainUserAgentString, address_out = 0x753e1d76	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75523ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75523e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 149, address_out = 0x755246a5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75523eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75524642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 150, address_out = 0x75524731	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x751e4f2b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x751e1252	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x751e4208	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x751e359f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsWow64Process, address_out = 0x751e195e	1	Fn
Get Address	Unknown module name	function = CreateVssBackupComponentsInternal, address_out = 0x743ed400	1	Fn
Get Address	Unknown module name	function = VssFreeSnapshotPropertiesInternal, address_out = 0x743e77f9	1	Fn

COM (1)

Operation	Additional Information	Success	Count	Logfile
Create	interface = 2FABA4C7-4DA9-4013-9697-20CC3FD40F85, cls_context = CLSCTX_INPROC_SERVER		1	Fn

Driver (5)

Operation	Driver	Additional Information	Count	Logfile
Control	c:\Users\aETAdzjz\Documents\lukitus-2446.htm	control_code = 0x9c040	1	Fn Data
Control	c:\Users\aETAdzjz\Documents\Fwkh\lukitus-547b.htm	control_code = 0x9c040	1	Fn Data
Control	c:\Users\aETAdzjz\Desktop\lukitus-b59f.htm	control_code = 0x9c040	1	Fn Data
Control	C:\Users\aETAdzjz\Desktop\lukitus.htm	control_code = 0x9c040	1	Fn
Control	C:\Users\aETAdzjz\Desktop\lukitus.bmp	control_code = 0x9c040	1	Fn

System (231)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = YKYD69Q, type = ComputerNameNetBIOS	1	Fn
Sleep	duration = 31000 milliseconds (31.000 seconds)	1	Fn
Sleep	duration = 10 milliseconds (0.010 seconds)	8	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:20 (UTC)	1	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:47 (UTC)	20	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:48 (UTC)	60	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:49 (UTC)	69	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:50 (UTC)	57	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:51 (UTC)	3	Fn
Get Time	type = System Time, time = 2017-08-17 13:54:52 (UTC)	8	Fn
Get Info	type = Windows Directory, result_out = C:\Windows	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = System Directory, result_out = C:\Windows\system32	1	Fn

Mutex (2)

Operation	Additional Information	Success	Count	Logfile
Open	mutex_name = Global\Ga6a7a:a3a5aCaFa:a7a7a4a5a2aCaCa, desired_access = SYNCHRONIZE		1	Fn
Open	mutex_name = Local\Ga6a7a:a3a5aCaFa:a7a7a4a5a2aCaCa, desired_access = SYNCHRONIZE		1	Fn

Environment (9)

Operation	Additional Information	Count	Logfile
Get Environment String	name = 杧晱汳扭	4	Fn
Get Environment String		1	Fn Data
Set Environment String	name = uulkmabdgqks, value = uulkmabdgqks	4	Fn

Network Behavior

HTTP Sessions (4)

Information	Value
Total Data Sent	1.37 KB (1404 bytes)
Total Data Received	10.73 KB (10987 bytes)
Contacted Host Count	1
Contacted Hosts	212.109.220.109

HTTP Session #1

Information	Value
User Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name	212.109.220.109
Server Port	80
Data Sent	0.34 KB (351 bytes)
Data Received	0.35 KB (356 bytes)

Operations

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_DIRECT	1	Fn
Open Connection	protocol = HTTP, server_name = 212.109.220.109, server_port = 80	1	Fn
Open HTTP Request	http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Accept: / Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Read Response	size = 348, size_out = 348	1	Fn Data

HTTP Session #2

Information	Value
User Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name	212.109.220.109
Server Port	80
Data Sent	0.34 KB (351 bytes)
Data Received	1.20 KB (1225 bytes)

Operations

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_DIRECT	1	Fn
Open Connection	protocol = HTTP, server_name = 212.109.220.109, server_port = 80	1	Fn
Open HTTP Request	http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Accept: / Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Read Response	size = 1217, size_out = 1217	1	Fn Data

HTTP Session #3

Information	Value
User Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name	212.109.220.109
Server Port	80
Data Sent	0.34 KB (351 bytes)
Data Received	8.91 KB (9122 bytes)

Operations

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_DIRECT	1	Fn
Open Connection	protocol = HTTP, server_name = 212.109.220.109, server_port = 80	1	Fn
Open HTTP Request	http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Accept: / Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Read Response	size = 9114, size_out = 9114	1	Fn Data

HTTP Session #4

Information	Value
User Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Server Name	212.109.220.109
Server Port	80
Data Sent	0.34 KB (351 bytes)
Data Received	0.28 KB (284 bytes)

Operations

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_DIRECT	1	Fn
Open Connection	protocol = HTTP, server_name = 212.109.220.109, server_port = 80	1	Fn
Open HTTP Request	http_verb = POST, http_version = HTTP/1.1, target_resource = /imageload.cgi, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD	1	Fn
Add HTTP Request Headers	headers = Accept: / Accept-Language: en-us Referer: http://212.109.220.109/ x-requested-with: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cache-Control: no-cache	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 212.109.220.109/imageload.cgi	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_TRANSFER_ENCODING, HTTP_QUERY_LINK, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Query HTTP Info	flags = HTTP_QUERY_CONTENT_TYPE, HTTP_QUERY_CONTENT_DESCRIPTION, HTTP_QUERY_FLAG_NUMBER, size_out = 4	1	Fn Data
Read Response	size = 276, size_out = 276	1	Fn Data

Process #3: taskeng.exe'

Information	Value
ID	#3
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {4E22B586-9520-4D04-A683-CAB40E860F60} S-1-5-18:NT AUTHORITY\System:Service:
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:46, Reason: Created Scheduled Job
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:00:39
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x728
Parent PID	0x360 (c:\windows\system32\svchost.exe)
Is Created or Modified Executable
Integrity Level	System (Elevated)
Username	NT AUTHORITY\SYSTEM
Groups	Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\SERVICE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT SERVICE\BDESVC (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\BITS (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\CertPropSvc (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\EapHost (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\hkmsvc (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\IKEEXT (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\iphlpsvc (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\LanmanServer (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\MMCSS (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\MSiSCSI (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\RasAuto (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\RasMan (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\RemoteAccess (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\Schedule (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\SCPolicySvc (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\SENS (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\SessionEnv (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\SharedAccess (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\ShellHWDetection (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\wercplsupport (ENABLED_BY_DEFAULT, OWNER) NT SERVICE\Winmgmt (ENABLED_BY_DEFAULT, ENABLED, OWNER) NT SERVICE\wuauserv (ENABLED_BY_DEFAULT, OWNER) NT AUTHORITY\Logon Session 00000000:0000be5d (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (ENABLED_BY_DEFAULT, ENABLED, OWNER)
Enabled Privileges	SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs	0x BF4 0x 6DC 0x 6E0 0x 688 0x 5E0 0x 72C

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x00026fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000040000	0x00040000	0x00040fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00050000	0x000b6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000000c0000	0x000c0000	0x000c1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000000d0000	0x000d0000	0x000d0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000000f0000	0x000f0000	0x0016ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000170000	0x00170000	0x0022ffff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000230000	0x00230000	0x00230fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000240000	0x00240000	0x0024ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000270000	0x00270000	0x0036ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000370000	0x00370000	0x0046ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000470000	0x00470000	0x005f7fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000600000	0x00600000	0x00780fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000790000	0x00790000	0x00b82fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000b90000	0x00b90000	0x00c8ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000cb0000	0x00cb0000	0x00d2ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000d60000	0x00d60000	0x00ddffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000e90000	0x00e90000	0x00f0ffff	Private Memory	Readable, Writable	Region Actions
sortdefault.nls	0x00ff0000	0x012befff	Memory Mapped File	Readable	Region Actions
private_0x0000000001300000	0x01300000	0x0137ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001520000	0x01520000	0x0159ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000015a0000	0x015a0000	0x0161ffff	Private Memory	Readable, Writable	Region Actions
user32.dll	0x76fb0000	0x770a9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x770b0000	0x771cefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions
taskeng.exe	0xffd10000	0xffd83fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
tschannel.dll	0x7fef4b40000	0x7fef4b48fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ktmw32.dll	0x7fefa960000	0x7fefa969fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
xmllite.dll	0x7fefb5d0000	0x7fefb604fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x7fefc710000	0x7fefc756fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x7fefca10000	0x7fefca26fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wevtapi.dll	0x7fefcc00000	0x7fefcc6cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x7fefcfe0000	0x7fefd004fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x7fefd010000	0x7fefd01efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x7fefd100000	0x7fefd113fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x7fefd2b0000	0x7fefd31afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x7fefd550000	0x7fefd618fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x7fefd620000	0x7fefd6f6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x7fefd700000	0x7fefd7dafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x7fefdbb0000	0x7fefdbddfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x7fefde40000	0x7fefe042fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x7fefe220000	0x7fefe2b8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x7fefe2c0000	0x7fefe2defff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x7fefe2e0000	0x7fefe3e8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x7fefe3f0000	0x7fefe51cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x7fefe520000	0x7fefe5befff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x7fefe5d0000	0x7fefe636fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x7fefe640000	0x7fefe64dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x7fefe6d0000	0x7fefe740fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apisetschema.dll	0x7feff4f0000	0x7feff4f0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000007fffffae000	0x7fffffae000	0x7fffffaffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x000007fffffb0000	0x7fffffb0000	0x7fffffd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000007fffffd4000	0x7fffffd4000	0x7fffffd5fff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffd6000	0x7fffffd6000	0x7fffffd6fff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffd8000	0x7fffffd8000	0x7fffffd9fff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffda000	0x7fffffda000	0x7fffffdbfff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffdc000	0x7fffffdc000	0x7fffffddfff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffde000	0x7fffffde000	0x7fffffdffff	Private Memory	Readable, Writable	Region Actions

Process #4: taskeng.exe'

Information	Value
ID	#4
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {A63D8ADE-049B-493D-9EF8-CBCBD23E6074} S-1-5-21-2345716840-1148442690-1481144037-1000:YKYD69Q\aETAdzjz:Interactive:Highest[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:46, Reason: Created Scheduled Job
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:00:39
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x5f8
Parent PID	0x360 (c:\windows\system32\svchost.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	YKYD69Q\aETAdzjz
Groups	YKYD69Q\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010cdc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 81C 0x 6C8 0x 6C4 0x 610 0x 604 0x 5FC

Region

Name	Start VA	End VA	Type	Permissions	Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x00026fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000040000	0x00040000	0x00040fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00050000	0x000b6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000000c0000	0x000c0000	0x000c1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000000d0000	0x000d0000	0x000d0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000000f0000	0x000f0000	0x0016ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000170000	0x00170000	0x00170fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000190000	0x00190000	0x0020ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000210000	0x00210000	0x0030ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000340000	0x00340000	0x0043ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000440000	0x00440000	0x005c7fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000610000	0x00610000	0x0061ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000620000	0x00620000	0x007a0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000007b0000	0x007b0000	0x01baffff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001bb0000	0x01bb0000	0x01fa2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002030000	0x02030000	0x020affff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002150000	0x02150000	0x021cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000021d0000	0x021d0000	0x0224ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002250000	0x02250000	0x0234ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000023a0000	0x023a0000	0x0241ffff	Private Memory	Readable, Writable	Region Actions
sortdefault.nls	0x02520000	0x027eefff	Memory Mapped File	Readable	Region Actions
private_0x0000000002810000	0x02810000	0x0288ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002890000	0x02890000	0x0296efff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002a40000	0x02a40000	0x02abffff	Private Memory	Readable, Writable	Region Actions
user32.dll	0x76fb0000	0x770a9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x770b0000	0x771cefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions
taskeng.exe	0xffd10000	0xffd83fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
tschannel.dll	0x7fef4b40000	0x7fef4b48fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ktmw32.dll	0x7fefa960000	0x7fefa969fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
xmllite.dll	0x7fefb5d0000	0x7fefb604fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwmapi.dll	0x7fefb610000	0x7fefb627fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x7fefba40000	0x7fefba95fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x7fefc710000	0x7fefc756fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x7fefca10000	0x7fefca26fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wevtapi.dll	0x7fefcc00000	0x7fefcc6cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x7fefcfe0000	0x7fefd004fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x7fefd010000	0x7fefd01efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x7fefd100000	0x7fefd113fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x7fefd2b0000	0x7fefd31afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x7fefd550000	0x7fefd618fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x7fefd620000	0x7fefd6f6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x7fefd700000	0x7fefd7dafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x7fefdbb0000	0x7fefdbddfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x7fefde40000	0x7fefe042fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x7fefe220000	0x7fefe2b8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x7fefe2c0000	0x7fefe2defff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x7fefe2e0000	0x7fefe3e8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x7fefe3f0000	0x7fefe51cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x7fefe520000	0x7fefe5befff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x7fefe5d0000	0x7fefe636fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x7fefe640000	0x7fefe64dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x7fefe6d0000	0x7fefe740fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apisetschema.dll	0x7feff4f0000	0x7feff4f0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000007fffffb0000	0x7fffffb0000	0x7fffffd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000007fffffd3000	0x7fffffd3000	0x7fffffd4fff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffd5000	0x7fffffd5000	0x7fffffd6fff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffd7000	0x7fffffd7000	0x7fffffd8fff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffd9000	0x7fffffd9000	0x7fffffdafff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffdb000	0x7fffffdb000	0x7fffffdcfff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffdd000	0x7fffffdd000	0x7fffffdefff	Private Memory	Readable, Writable	Region Actions
private_0x000007fffffdf000	0x7fffffdf000	0x7fffffdffff	Private Memory	Readable, Writable	Region Actions

Process #5: iexplore.exe'

Information	Value
ID	#5
File Name	c:\program files (x86)\internet explorer\iexplore.exe
Command Line	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
Initial Working Directory	C:\Users\aETAdzjz\Desktop\
Monitor	Start Time: 00:01:53, Reason: Child Process
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:00:32
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x8e0
Parent PID	0xb68 (c:\users\aetadzjz\appdata\local\temp\agraba8.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	YKYD69Q\aETAdzjz
Groups	YKYD69Q\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010cdc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 8F0 0x 910 0x 914 0x 954 0x 9D4 0x 368 0x A84 0x 980 0x 44C 0x 7FC 0x AD4 0x AD0 0x AA8 0x A80 0x A78 0x 130 0x 534 0x 7C8 0x 658

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x00026fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00031fff	Pagefile Backed Memory	Readable, Writable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00060000	0x000c6fff	Memory Mapped File	Readable	Region Actions
iexplore.exe.mui	0x000d0000	0x000d1fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	Region Actions Download Dump
oleaccrc.dll	0x00100000	0x00100fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000110000	0x00110000	0x00111fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000120000	0x00120000	0x00121fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000130000	0x00130000	0x00131fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000140000	0x00140000	0x00140fff	Pagefile Backed Memory	Readable, Writable	Region Actions
index.dat	0x00150000	0x0015bfff	Memory Mapped File	Readable, Writable	Region Actions
index.dat	0x00160000	0x00167fff	Memory Mapped File	Readable, Writable	Region Actions
index.dat	0x00170000	0x0017ffff	Memory Mapped File	Readable, Writable	Region Actions
pagefile_0x0000000000180000	0x00180000	0x00180fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000190000	0x00190000	0x001cffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000001d0000	0x001d0000	0x001d0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000001e0000	0x001e0000	0x001e0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000001f0000	0x001f0000	0x001f0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000200000	0x00200000	0x00200fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000210000	0x00210000	0x0021ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000210000	0x00210000	0x00211fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000220000	0x00220000	0x00221fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000230000	0x00230000	0x00231fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000240000	0x00240000	0x0033ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000340000	0x00340000	0x0043ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000440000	0x00440000	0x00440fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000450000	0x00450000	0x00450fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000460000	0x00460000	0x0049ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000004a0000	0x004a0000	0x0051ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000520000	0x00520000	0x0058dfff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000590000	0x00590000	0x00590fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000005a0000	0x005a0000	0x005a0fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000005f0000	0x005f0000	0x0062ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000630000	0x00630000	0x0066ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000680000	0x00680000	0x0077ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000780000	0x00780000	0x00907fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000920000	0x00920000	0x0092ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000930000	0x00930000	0x00ab0fff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x00ac0000	0x00d8efff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000d90000	0x00d90000	0x00e07fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000e30000	0x00e30000	0x00e6ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000eb0000	0x00eb0000	0x00eeffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000f20000	0x00f20000	0x00f5ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000f60000	0x00f60000	0x00f9ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000fc0000	0x00fc0000	0x010bffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000010e0000	0x010e0000	0x011dffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000011e0000	0x011e0000	0x012befff	Pagefile Backed Memory	Readable	Region Actions
iexplore.exe	0x01340000	0x013e5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x00000000013f0000	0x013f0000	0x027effff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002850000	0x02850000	0x0294ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002960000	0x02960000	0x0299ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002a10000	0x02a10000	0x02a4ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002a50000	0x02a50000	0x02b4ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002b70000	0x02b70000	0x02baffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000002c50000	0x02c50000	0x02d4ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000002d50000	0x02d50000	0x03092fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000030d0000	0x030d0000	0x031cffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000003280000	0x03280000	0x032bffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000003320000	0x03320000	0x0341ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000003470000	0x03470000	0x034affff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000003560000	0x03560000	0x0365ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000003780000	0x03780000	0x0387ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000005fff0000	0x5fff0000	0x5fffffff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ieframe.dll	0x721e0000	0x72c5ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwmapi.dll	0x73440000	0x73452fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x738c0000	0x7393ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73a80000	0x73adbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73ae0000	0x73b1efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73b50000	0x73b57fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
fwpuclnt.dll	0x73fd0000	0x74007fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netprofm.dll	0x73ff0000	0x74049fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sqmapi.dll	0x74010000	0x74042fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleacc.dll	0x74050000	0x7408bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wship6.dll	0x74530000	0x74535fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
npmproxy.dll	0x74540000	0x74547fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
version.dll	0x74540000	0x74548fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x74550000	0x7455dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wshtcpip.dll	0x74650000	0x74654fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mswsock.dll	0x74660000	0x7469bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasadhlp.dll	0x746a0000	0x746a5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nlaapi.dll	0x746b0000	0x746bffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasapi32.dll	0x746c0000	0x74711fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comctl32.dll	0x74720000	0x748bdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sensapi.dll	0x748d0000	0x748d5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rtutils.dll	0x748e0000	0x748ecfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rasman.dll	0x748f0000	0x74904fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winnsi.dll	0x74910000	0x74916fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iphlpapi.dll	0x74920000	0x7493bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dnsapi.dll	0x74940000	0x74983fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
profapi.dll	0x74990000	0x7499afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntmarta.dll	0x749a0000	0x749c0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x749d0000	0x74a0afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74a10000	0x74a25fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74f00000	0x74f0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74f10000	0x74f6ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x74f70000	0x750cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x750d0000	0x7516cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x75170000	0x751b4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x751c0000	0x751c9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x751d0000	0x752dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x752e0000	0x753abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
urlmon.dll	0x753b0000	0x754e5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x75520000	0x755aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x755d0000	0x7567bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
psapi.dll	0x756e0000	0x756e4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comdlg32.dll	0x75700000	0x7577afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x75780000	0x757d6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757e0000	0x758cffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msasn1.dll	0x758d0000	0x758dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iertutil.dll	0x758e0000	0x75adafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75b40000	0x75b9ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wininet.dll	0x75ba0000	0x75c94fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75ca0000	0x75ce5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x75cf0000	0x76939fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x76ae0000	0x76b14fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76b20000	0x76baffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x76c40000	0x76c58fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x76c60000	0x76ce2fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x76cf0000	0x76e0cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x76e10000	0x76f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x76f10000	0x76faffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076fb0000	0x76fb0000	0x770a9fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000770b0000	0x770b0000	0x771cefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x77380000	0x77385fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x773b0000	0x7752ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000000007ef9b000	0x7ef9b000	0x7ef9dfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007ef9e000	0x7ef9e000	0x7efa0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efa1000	0x7efa1000	0x7efa3fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efa4000	0x7efa4000	0x7efa6fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efa7000	0x7efa7000	0x7efa9fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efaa000	0x7efaa000	0x7efacfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efad000	0x7efad000	0x7efaffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions
For performance reasons, the remaining 134 entries are omitted. The remaining entries can be found in flog.txt.

Process #8: cmd.exe

(Host: 51, Network: 0)

Information	Value
ID	#8
File Name	c:\windows\syswow64\cmd.exe
Command Line	cmd.exe /C del /Q /F "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe"
Initial Working Directory	C:\Users\aETAdzjz\Desktop\
Monitor	Start Time: 00:01:55, Reason: Child Process
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:00:30

OS Process Information

Information	Value
PID	0x7b0
Parent PID	0xb68 (c:\users\aetadzjz\appdata\local\temp\agraba8.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	YKYD69Q\aETAdzjz
Groups	YKYD69Q\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010cdc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 348

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x0002ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00036fff	Pagefile Backed Memory	Readable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000060000	0x00060000	0x00060fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00070000	0x000d6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000000e0000	0x000e0000	0x000e1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000100000	0x00100000	0x00100fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000190000	0x00190000	0x001cffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000240000	0x00240000	0x0033ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000430000	0x00430000	0x004affff	Private Memory	Readable, Writable	Region Actions
private_0x00000000005a0000	0x005a0000	0x0069ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000810000	0x00810000	0x0081ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000820000	0x00820000	0x009a7fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000009b0000	0x009b0000	0x00b30fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000b40000	0x00b40000	0x01f3ffff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000001f40000	0x01f40000	0x02282fff	Pagefile Backed Memory	Readable	Region Actions
cmd.exe	0x4aa60000	0x4aaabfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73a80000	0x73adbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73ae0000	0x73b1efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73b50000	0x73b57fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winbrand.dll	0x74a40000	0x74a46fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74f00000	0x74f0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74f10000	0x74f6ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x750d0000	0x7516cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x751c0000	0x751c9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x751d0000	0x752dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x752e0000	0x753abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x755d0000	0x7567bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757e0000	0x758cffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75b40000	0x75b9ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75ca0000	0x75ce5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76b20000	0x76baffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x76c40000	0x76c58fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x76e10000	0x76f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x76f10000	0x76faffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076fb0000	0x76fb0000	0x770a9fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000770b0000	0x770b0000	0x771cefff	Private Memory	Readable, Writable, Executable	Region Actions
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x773b0000	0x7752ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Host Behavior

File (14)

Operation	Filename	Additional Information	Count	Logfile
Get Info	C:\Users\aETAdzjz\Desktop	type = file_attributes	2	Fn
Get Info	C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe	type = file_attributes	2	Fn
Get Info	C:\Users\aETAdzjz\AppData\Local\Temp	type = file_attributes	1	Fn
Open	STD_OUTPUT_HANDLE		5	Fn
Open	STD_INPUT_HANDLE		3	Fn
Delete	C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe		1	Fn

Registry (17)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System		1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor		1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Command Processor		1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 0, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Command Processor	value_name = AutoRun, data = 9, type = REG_NONE	1	Fn

Module (8)

Operation	Module	Additional Information	Count	Logfile
Get Handle	c:\windows\syswow64\cmd.exe	base_address = 0x4aa60000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x751d0000	2	Fn
Get Filename		process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadUILanguage, address_out = 0x751fa84f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileExW, address_out = 0x75203b92	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x751e4a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleInputExeNameW, address_out = 0x751fa79d	1	Fn

System (1)

Operation	Additional Information	Success	Count	Logfile
Get Time	type = System Time, time = 2017-08-17 13:54:57 (UTC)		1	Fn

Environment (11)

Operation	Additional Information	Count	Logfile
Get Environment String		4	Fn Data
Get Environment String	name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client	1	Fn
Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	1	Fn
Get Environment String	name = PROMPT	1	Fn
Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Get Environment String	name = KEYS	1	Fn
Set Environment String	name = PROMPT, value = $P$G	1	Fn
Set Environment String	name = =C:, value = C:\Users\aETAdzjz\Desktop	1	Fn

Process #9: iexplore.exe'

Information	Value
ID	#9
File Name	c:\program files (x86)\internet explorer\iexplore.exe
Command Line	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2272 CREDAT:14337
Initial Working Directory	C:\Users\aETAdzjz\Desktop\
Monitor	Start Time: 00:01:55, Reason: Child Process
Unmonitor	End Time: 00:02:25, Reason: Terminated by Timeout
Monitor Duration	00:00:30
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x24c
Parent PID	0x8e0 (c:\program files (x86)\internet explorer\iexplore.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	YKYD69Q\aETAdzjz
Groups	YKYD69Q\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (USE_FOR_DENY_ONLY) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010cdc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 2AC 0x 214 0x 118 0x 210 0x 340 0x 3F4 0x 264 0x AE8 0x AE4 0x 5B0

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000020000	0x00020000	0x00026fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000030000	0x00030000	0x00031fff	Pagefile Backed Memory	Readable, Writable	Region Actions
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000050000	0x00050000	0x00053fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00060000	0x000c6fff	Memory Mapped File	Readable	Region Actions
iexplore.exe.mui	0x000d0000	0x000d1fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable	Region Actions Download Dump
oleaccrc.dll	0x00100000	0x00100fff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000110000	0x00110000	0x00111fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000120000	0x00120000	0x00120fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000130000	0x00130000	0x00131fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000140000	0x00140000	0x00140fff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000150000	0x00150000	0x00150fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000160000	0x00160000	0x00161fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000170000	0x00170000	0x00170fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000180000	0x00180000	0x001edfff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000001f0000	0x001f0000	0x0022ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000230000	0x00230000	0x002a7fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x00000000002b0000	0x002b0000	0x002b1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000002c0000	0x002c0000	0x002fffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000300000	0x00300000	0x00301fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000310000	0x00310000	0x00311fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000320000	0x00320000	0x00320fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000330000	0x00330000	0x00330fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000340000	0x00340000	0x0043ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000440000	0x00440000	0x0051efff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000520000	0x00520000	0x00520fff	Pagefile Backed Memory	Readable, Writable	Region Actions
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db	0x00530000	0x0054efff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000000550000	0x00550000	0x00550fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000560000	0x00560000	0x00561fff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x0000000000570000	0x00570000	0x00571fff	Pagefile Backed Memory	Readable	Region Actions
index.dat	0x00580000	0x0058bfff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000590000	0x00590000	0x0060ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000610000	0x00610000	0x0064ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000650000	0x00650000	0x0068ffff	Private Memory	Readable, Writable	Region Actions
index.dat	0x00690000	0x00697fff	Memory Mapped File	Readable, Writable	Region Actions
index.dat	0x006a0000	0x006affff	Memory Mapped File	Readable, Writable	Region Actions
pagefile_0x00000000006b0000	0x006b0000	0x006b0fff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x00000000006c0000	0x006c0000	0x006fffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000700000	0x00700000	0x0071ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000720000	0x00720000	0x00720fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000730000	0x00730000	0x00731fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000760000	0x00760000	0x0085ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000860000	0x00860000	0x009e7fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000a00000	0x00a00000	0x00a0ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000a10000	0x00a10000	0x00b90fff	Pagefile Backed Memory	Readable	Region Actions
sortdefault.nls	0x00ba0000	0x00e6efff	Memory Mapped File	Readable	Region Actions
private_0x0000000000e70000	0x00e70000	0x00f6ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000fa0000	0x00fa0000	0x00fdffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000fe0000	0x00fe0000	0x0101ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001020000	0x01020000	0x0111ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000011b0000	0x011b0000	0x011effff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001200000	0x01200000	0x012fffff	Private Memory	Readable, Writable	Region Actions
iexplore.exe	0x01340000	0x013e5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x00000000013f0000	0x013f0000	0x027effff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000002800000	0x02800000	0x0283ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000028a0000	0x028a0000	0x028dffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002910000	0x02910000	0x02a0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002a10000	0x02a10000	0x02b0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002b10000	0x02b10000	0x02d0ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002d90000	0x02d90000	0x02dcffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002df0000	0x02df0000	0x02eeffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000002ef0000	0x02ef0000	0x032e2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000003470000	0x03470000	0x0356ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000035a0000	0x035a0000	0x0369ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000037f0000	0x037f0000	0x0382ffff	Private Memory	Readable, Writable	Region Actions
staticcache.dat	0x03830000	0x0415ffff	Memory Mapped File	Readable	Region Actions
private_0x000000005fff0000	0x5fff0000	0x5fffffff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ieframe.dll	0x721e0000	0x72c5ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwmapi.dll	0x73440000	0x73452fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x738c0000	0x7393ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73a80000	0x73adbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73ae0000	0x73b1efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73b50000	0x73b57fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ieproxy.dll	0x73f20000	0x73f4afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleacc.dll	0x74050000	0x7408bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
propsys.dll	0x742f0000	0x743e4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrtremote.dll	0x74550000	0x7455dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comctl32.dll	0x74720000	0x748bdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winnsi.dll	0x74910000	0x74916fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iphlpapi.dll	0x74920000	0x7493bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dnsapi.dll	0x74940000	0x74983fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
profapi.dll	0x74990000	0x7499afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntmarta.dll	0x749a0000	0x749c0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rsaenh.dll	0x749d0000	0x74a0afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptsp.dll	0x74a10000	0x74a25fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcp90.dll	0x74a60000	0x74aedfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcr90.dll	0x74af0000	0x74b92fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
acroiehelpershim.dll	0x74ba0000	0x74bb0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apphelp.dll	0x74bc0000	0x74c0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sqmapi.dll	0x74bd0000	0x74c02fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ieshims.dll	0x74c10000	0x74c44fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mlang.dll	0x74dd0000	0x74dfdfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x74f00000	0x74f0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x74f10000	0x74f6ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x74f70000	0x750cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x750d0000	0x7516cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wldap32.dll	0x75170000	0x751b4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x751c0000	0x751c9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x751d0000	0x752dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x752e0000	0x753abfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
urlmon.dll	0x753b0000	0x754e5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cfgmgr32.dll	0x754f0000	0x75516fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x75520000	0x755aefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
devobj.dll	0x755b0000	0x755c1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x755d0000	0x7567bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
psapi.dll	0x756e0000	0x756e4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
comdlg32.dll	0x75700000	0x7577afff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x75780000	0x757d6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x757e0000	0x758cffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msasn1.dll	0x758d0000	0x758dbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iertutil.dll	0x758e0000	0x75adafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x75b40000	0x75b9ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wininet.dll	0x75ba0000	0x75c94fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75ca0000	0x75ce5fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x75cf0000	0x76939fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
setupapi.dll	0x76940000	0x76adcfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x76ae0000	0x76b14fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76b20000	0x76baffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x76c40000	0x76c58fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
clbcatq.dll	0x76c60000	0x76ce2fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x76cf0000	0x76e0cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x76e10000	0x76f0ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x76f10000	0x76faffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000076fb0000	0x76fb0000	0x770a9fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000770b0000	0x770b0000	0x771cefff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x771d0000	0x77378fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x77380000	0x77385fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x773b0000	0x7752ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x000000007ef9e000	0x7ef9e000	0x7efa0fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efa1000	0x7efa1000	0x7efa3fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efa4000	0x7efa4000	0x7efa6fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efa7000	0x7efa7000	0x7efa9fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efaa000	0x7efaa000	0x7efacfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efad000	0x7efad000	0x7efaffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efd5000	0x7efd5000	0x7efd7fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions
For performance reasons, the remaining 65 entries are omitted. The remaining entries can be found in flog.txt.